AW: [Zope-dev] Re: Request typing (to get the xmlrpc layer discussionfinished)

Roger Ineichen dev at projekt01.ch
Mon Dec 17 12:39:18 EST 2007


Hi

> Betreff: [Zope-dev] Re: Request typing (to get the xmlrpc 
> layer discussionfinished)

[...]

> > We tend to think up complex use cases and then make the 
> zope framework 
> > more complicated to deal with them.  Sometimes these are legitimate 
> > use cases, but they are rarely common cases and their 
> solutions should 
> > generally not be inflicted on the masses.

Configure views on layers will prevent us form backdoors
if we reuse this easy installable eggs ;-)

Here is a simple sample of such a built-in backdoor:

At our fresh zope installation:
http://localhost:8080/@@absolute_url

Of corse it's not this dangerous, but it shows you what I mean.

I could you show many more of such built-in backdoors on
production system, but will not do this here because of 
security reason.

Regards
Roger Ineichen



More information about the Zope-Dev mailing list