[Zope3-Users] Re: Security in Code, example, why does this work?

Reinhold Strobl reinhold.strobl at gmx.net
Mon Apr 10 08:39:13 EDT 2006


Thanks a lot for your reply, 


but up to now, I don't exactly know, which components are trusted or untrusted.

Ok, If I understand that right, that components made of untrusted code are
special interest of checkers and those checkers decide if the component can do
some things or not. And those decision is based on permission defined in the
security policy. 
Components made of trusted code can do everything they want, that means there
are no security checks. 

But again, what is trusted and untrusted code?

Are views always trusted code?

And what's the border? If I am in an untrusted code and I call a method of a
trusted code, this means I enter the trusted code (if I have the right
permissions). 

Sorry, but I do not understand fully this distinction, 

Thanks a lot for replies!








More information about the Zope3-users mailing list