AW: [Zope3-dev] skin support for xmlrpc

Stephan Richter srichter at
Mon Aug 27 23:19:59 EDT 2007

On Monday 27 August 2007 23:05, Roger Ineichen wrote:
> Are you all sure you understand the need of a layer in every
> kind of request? It's about permission registration and not
> skinning.

If it is not about skinning, it should not be done with layers.

What I think Christian is trying to do is to create different *namespaces* for 
an external API. I think that pluggable traversers or a custom namespace 
(maybe ++ns++<name>) would be a much less confusing solution.

> Since the skin directive is gone layer also support the
> skinning concept. But the main reason of layers is still
> offering a security namespace.

I disagree. I have *never* thought of it as a security namespace. I think of 
it as a *user interface* functionality namespace.

> In short
> --------
> "skin support in xmlrpc" --> No
> "layer support in xmlrpc" --> Yes it's a security issue!
> Layers allow us to use different security registrations
> for the same view in different projects.

Have we ever used layers in this way? Can you give me an example or use case?

The more I think about it, the more I think you are wrong. ;-) If you cannot 
access an action with certain credentials, then you are denied access to the 
API call. Having different semantics based on credentials for a given API 
call is a bad idea. You are better served having two functional namespaces. I 
think a pluggable traverser plugin best implements such a namespace for 

> seccurity issue
> ---------------
> Let's say you have a app offering a XML-RPC server
> shutdown view. You whould do the following:
> 1. regsiter a public and a private skin
> 2. register the XML-RPC view to the layer used by the private skin
> 3. Run Zope at port 8080 blocked form outside by firewall
> 4. Use Apache rewrite rules and point to the public and private skin
>     e.g. and
> 5. Use a rewrite rule and point to the private skin restricting
>    access to a internal network or some IP addresses.
> How whould you restrict access from the public skin to the XML-RPC
> view without layer support used in step 2?

The solution is pretty straight forward using a pluggable traverser. After 
all, pluggable traversers were designed to be maximally flexible and to allow 
all possibilities, which includes "simulating" skins, if you want.

Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training

More information about the Zope3-dev mailing list