[Zope3-dev] Heads up: new security policy
Jim Fulton
jim at zope.com
Wed Jul 21 18:22:01 EDT 2004
Hi,

I will soon check in a rewrite of the security policy.

This will:

- Fix a bug (actually a misfeature). It wasn't possible
  for local settings to override global (zcml) settings.

- Change the way role denies work. A role deny simply prevents
  a principal from having a role. A principal may still
  have access through other roles or through principal grants.
  Role grants or denies never override principal grants or denies
  *even* if the role-based grants or denies are more local.

- Implement a caching scheme that provides huge performance
  benefits when the authenticated principal is defined in a local auth
  service, rather than a global one (zcml).

It's possible that the changes will lead to different security decisions
for your site.

Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
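
An added example, not part of the original message and not Zope's own code: a simplified Python model of the precedence rules described in the message above (local settings override global ones, a role deny only removes that role, and principal grants or denies beat role-based settings regardless of locality). The `Location` class, the `nearest` and `check` functions and all sample principals, roles and permissions are hypothetical.

```python
# Simplified model of the precedence rules in the message above.
# Not Zope's implementation; all names and sample data are constructed.
from dataclasses import dataclass, field

ALLOW, DENY = "Allow", "Deny"

@dataclass
class Location:
    """Settings stored at one place; a chain is ordered most-local first."""
    principal_permission: dict = field(default_factory=dict)  # (principal, perm) -> setting
    principal_role: dict = field(default_factory=dict)        # (principal, role) -> setting
    role_permission: dict = field(default_factory=dict)       # (role, perm) -> setting

def nearest(chain, attr, key):
    """Return the most local setting for key, or None if unset everywhere."""
    for loc in chain:
        setting = getattr(loc, attr).get(key)
        if setting is not None:
            return setting
    return None

def check(chain, principal, permission):
    # 1. A principal grant or deny decides outright, wherever role settings live.
    direct = nearest(chain, "principal_permission", (principal, permission))
    if direct is not None:
        return direct == ALLOW
    # 2. Otherwise any role the principal still holds may grant access.
    roles = {r for loc in chain for (p, r) in loc.principal_role if p == principal}
    for role in sorted(roles):
        if nearest(chain, "principal_role", (principal, role)) != ALLOW:
            continue  # a role deny only removes this role from the principal
        if nearest(chain, "role_permission", (role, permission)) == ALLOW:
            return True
    return False

# Constructed sample: global (zcml-like) settings and one local folder.
GLOBAL = Location(
    principal_permission={("bob", "publish"): ALLOW},
    principal_role={("alice", "Editor"): ALLOW, ("alice", "Manager"): ALLOW,
                    ("bob", "Editor"): ALLOW},
    role_permission={("Editor", "edit"): ALLOW, ("Manager", "delete"): ALLOW},
)
LOCAL = Location(
    principal_role={("alice", "Manager"): DENY},
    role_permission={("Editor", "publish"): DENY},
)
CHAIN = [LOCAL, GLOBAL]  # most local first
```

Comparing `check([GLOBAL], "alice", "delete")` with `check(CHAIN, "alice", "delete")` shows the kind of changed decision the message warns about once local settings can override global ones.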