On Monday 26 July 2010 11:15:01 Jonathan Lange wrote:
> In Launchpad, we have deliberately registered special ZCML handlers to
> make sure that our utilities are wrapped in security proxies (the
> "securedutility" directive). Thus, getUtility(IFooSet) returns a
> security-proxied IFooSet provider. Methods called on that IFooSet
> provider also return security-proxied objects.
I've seen a proliferation recently of people writing code like:

    class FlangeGrobbler:
        @classmethod
        def new(cls, ...)

which completely bypasses the security adapter when returning new objects.
I think this should stop and the code be converted to IFlangeGrobblerSet.new()
style, or at the very least audited for security concerns.
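The bypass discussed in this message, as an added example that is not Launchpad code and does not use zope.security: a toy proxy with a constructed allow-list shows that an object created through the proxied Set utility comes back wrapped, while the classmethod's result is a raw object. `CHECKERS`, `secure`, `get_utility`, `owner_secret` and `audit` are hypothetical names chosen for the illustration.

```python
class Unauthorized(Exception):
    pass

CHECKERS = {}  # class -> attribute names a caller may touch (constructed policy)

def secure(value):
    """Wrap value in a Proxy if its class has a declared checker."""
    allowed = CHECKERS.get(type(value))
    return Proxy(value, allowed) if allowed is not None else value

class Proxy:
    """Toy security proxy: allow-listed access only, results are re-wrapped."""
    def __init__(self, obj, allowed):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_allowed", allowed)
    def __getattr__(self, name):
        if name not in self._allowed:
            raise Unauthorized(name)
        value = getattr(self._obj, name)
        if callable(value):
            return lambda *a, **kw: secure(value(*a, **kw))
        return secure(value)
    def __setattr__(self, name, value):
        raise Unauthorized(name)

class FlangeGrobbler:
    def __init__(self, name):
        self.name = name
        self.owner_secret = "constructed-value"  # not in the allow-list
    @classmethod
    def new(cls, name):
        return cls(name)  # nothing on this path wraps the result

class FlangeGrobblerSet:
    def new(self, name):
        return FlangeGrobbler(name)  # wrapped by the proxy around the Set

CHECKERS[FlangeGrobbler] = {"name"}
CHECKERS[FlangeGrobblerSet] = {"new"}

def get_utility():
    """Stand-in for getUtility(IFlangeGrobblerSet) with a secured utility."""
    return secure(FlangeGrobblerSet())

def audit(factory):
    """Report whether factory's result is proxied and whether the secret leaks."""
    obj = factory("demo")
    try:
        obj.owner_secret
        leaked = True
    except Unauthorized:
        leaked = False
    return {"proxied": isinstance(obj, Proxy), "secret_readable": leaked}
```

Calling `audit(get_utility().new)` and `audit(FlangeGrobbler.new)` side by side gives a quick way to see which creation paths hand back unproxied objects.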