[Zope3-Users] Re: AW: View or content provider
daniel.nouri at gmail.com
Tue Jul 17 09:42:20 EDT 2007
Stephan Richter wrote:
> On Monday 16 July 2007 19:32, Daniel Nouri wrote:
>>> I do not recommend using views for content that is only
>>> used inside a template. Because "context/@@viewname"
>>> is also traversable as a real view and will probably show
>>> up in google.
>> How would it show up in Google? Google bots don't try arbitrary URLs, they
>> follow links.
>> Using ordinary views for parts of a HTML page works perfectly for me.
> It works at the cost of security. How do you know that noone will figure out
> those views? And how do you know that they are properly secured, if you never
> test them standalone? This might not be too problematic for a single project,
> but would you like to install a package and suddenly get all those views that
> you do not know whether they are properly secured and may reveal sensitive
> information? I can tell you that some of my clients do care about this!
How exactly is it easier to secure a viewlet over securing a view? The fact
that they're traversable doesn't mean that they have to be visible for
everyone, does it? Am I missing something here?
More information about the Zope3-users