[Zope3-dev] Re: Python version for Zope 3.4 ?
Jim Fulton
jim at zope.com
Thu Sep 28 16:10:56 EDT 2006
Dieter Maurer wrote:
> Philipp von Weitershausen wrote at 2006-9-28 11:22 +0200:
>> ...
>>> The last time this was discussed with Jim, the idea was to try to use
>>> Zope 3's security proxy approach in Zope 2 for Python Script security
>>> - Jim and I had some ideas I need to dredge up from the back of my
>>> mind.
>
> I am quite fearful in this regard:
>
> Lots of existing code rely on the fact that trusted code
> can do anything without to worry about security.
>
> As security proxies restrict trusted code, too (though trusted
> code can remove the wrapper), we might get more security
> at the cost of massive backward incompatibility.
Yup. This is a real danger. My original plan was to allow either
policy, making the Zope 3 policy optional.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list