[Zope3-Users] Re: AW: View or content provider

Daniel Nouri daniel.nouri at gmail.com
Tue Jul 17 09:42:20 EDT 2007


Stephan Richter wrote:
> On Monday 16 July 2007 19:32, Daniel Nouri wrote:
>>> I do not recommend using views for content that is only
>>> used inside a template. Because "context/@@viewname"
>>> is also traversable as a real view and will probably show
>>> up in google.
>> How would it show up in Google?  Google bots don't try arbitrary URLs, they
>> follow links.
>> Using ordinary views for parts of a HTML page works perfectly for me.
> It works at the cost of security. How do you know that noone will figure out 
> those views? And how do you know that they are properly secured, if you never 
> test them standalone? This might not be too problematic for a single project, 
> but would you like to install a package and suddenly get all those views that 
> you do not know whether they are properly secured and may reveal sensitive 
> information? I can tell you that some of my clients do care about this!

How exactly is it easier to secure a viewlet over securing a view?  The fact
that they're traversable doesn't mean that they have to be visible for
everyone, does it?  Am I missing something here?


More information about the Zope3-users mailing list