[Zope3-dev] Re: Python version for Zope 3.4 ?
Christian Theune
ct at gocept.com
Thu Sep 28 15:28:56 EDT 2006
Dieter Maurer wrote:
>Philipp von Weitershausen wrote at 2006-9-28 11:22 +0200:
>
>
>>...
>>
>>
>>>The last time this was discussed with Jim, the idea was to try to use
>>>Zope 3's security proxy approach in Zope 2 for Python Script security
>>>- Jim and I had some ideas I need to dredge up from the back of my
>>>mind.
>>>
>>>
>
>I am quite fearful in this regard:
>
> Lots of existing code rely on the fact that trusted code
> can do anything without to worry about security.
>
> As security proxies restrict trusted code, too (though trusted
> code can remove the wrapper), we might get more security
> at the cost of massive backward incompatibility.
>
>
As Zope 2 and Zope 3 merge in the long run, we'll have to worry about
this at one point. The major question nowadays is: do we want/need to do
it right now, or can we/should we procrastinate on this topic.
Christian
More information about the Zope3-dev
mailing list