[Zope-dev] PageTemplateFile vs. Bindings vs. Security

Shane Hathaway shane at zope.com
Tue Mar 23 16:29:01 EST 2004


Jamie Heilman wrote:
> Paradoxically, by ignoring Zope's security framework in the context of
> on-disk methods this actually improves Zope's overall security.

I can see that.  It's interesting that when security is burdensome, it 
is often less secure overall as a result.  I see this pattern everywhere.

> So here's the questions I have for you all... is there a way to
> declare appropriate security on the bindings that are screwing me
> right now from within my product code so that I can selectively poke
> holes to allow container access where needed, or am I to be forcibly
> coerced into exposing my object to restricted code?  And two, assuming
> I haven't overlooked some detail about why forcing PageTemplateFile to
> work within the calling security context is a good thing...  Shouldn't
> we fix PageTemplateFile to work like DTMLFile wrt security?  How hard
> is it going to be to do that?

There certainly ought to be a way to create an unrestricted 
PageTemplateFile, though it should be an explicit step.

To do this, I would change Products/PageTemplates/Expressions.py.  It 
creates an expression evaluation engine and adds expression types to it. 
  It chooses the unrestricted or the restricted expression types based 
on whether the "Zope" module exists.  This is a wart.  Instead, I think 
it should create two engines, one restricted and one unrestricted.  Then 
you should be able to tell the PageTemplateFile constructor which engine 
to use.

Shane



More information about the Zope-Dev mailing list