[Zope3-dev] Re: Duplicated zope.decorator in zope.app.container
Jim Fulton
jim at zope.com
Mon Sep 25 11:54:31 EDT 2006
On Sep 25, 2006, at 11:04 AM, Christian Theune wrote:
> Hi,
>
> Jim Fulton wrote:
>> Yes, now that you mention it. Proxies should be as transparent as
>> possible. As such, they shouldn't add additional attributes if
>> they can
>> avoid it. I think it's best to leave things as they are, with a
>> comment
>> pointing out that the difference is in the version of
>> getProciedObject
>> used.
>
> I wonder if that is only due to the use of proxies for security
> proxies.
> In this case I understand that the proxy needs to be as transparent as
> possible to avoid attack vectors on the proxy itself.
It is also important for contained proxies.
> For other proxies I could imagine that this isn't true. I think
> traversal proxies are one example. They would be fine if they were
> translucent not transparent, or not?
I can imagine all sorts of things, but experience has shown that
transparency is for proxies as a general principle.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list