[Zope] Re: [Zope-dev] Introspection, managing External Methods?

Robin Becker robin@jessikat.demon.co.uk
Sun, 18 Jul 1999 22:13:40 +0100


In article <lswvvxkauu.fsf@aldous.digicool.com>, michel@digicool.com
writes
>Robin Becker <robin@jessikat.demon.co.uk> writes:
>
...
>XML-RPC worms (now THAT would be cool!).  The last thing we want to
>see is a back orifice for Zope, which is exactly what I think could be 
>developed if we ever provided a hole through Zope's security machinery.
>
>-Michel
in which case why allow any external methods since these allow exactly
the things you wish to forbid.

Sitting at a terminal I can create a hole this hole which is propagated
via Zope. What is the difference if the hole is programmed via Zope.

Should I have less faith in the passwd system than I do in the security
features of Zope?
-- 
Robin Becker