On Mon, Jul 26, 2010 at 12:13 PM, Julian Edwards <[email protected]> wrote:
> If it is *really* needed, I would *much* rather see an explicit
> removeSecurityProxy() with a comment explaining why you need to remove the
> wrapper. It should be a conscious exception, not a trap you can fall into.

+1

I've fallen into that trap myself. As a result, if I have to remove a security proxy (in non-test code) I ask myself if the operation I'm about to do is one the user shouldn't be able to do of their own accord (otherwise it shouldn't be restricted by the security proxy in the first place) and I'm removing the security proxy because the system needs to perform some action that the user himself isn't allowed to do.

Another rule of thumb I follow is that if I remove a security proxy I try not to bind the naked object to a name but instead perform the operation in the same expression as the call to removeSecurityProxy. That way I don't introduce any unintentional un-proxied operations later. If that's not possible I'll explicitly "del" the name binding as soon as I'm done with it (with copious comments to explain what's going on).

--
Benji York

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help   : https://help.launchpad.net/ListHelp
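
The two habits described in the message above, as an added example that is not part of the original post or of Launchpad's code. `ToyProxy`, `Unauthorized`, `Build` and this `removeSecurityProxy` are hypothetical stand-ins for zope.security's proxy machinery, written so the block runs without Zope installed.

```python
class Unauthorized(Exception):
    """Raised by the stand-in proxy when a write is refused."""


class ToyProxy:
    """Stand-in for a security proxy: reads pass through, writes are refused."""

    def __init__(self, wrapped):
        object.__setattr__(self, "_wrapped", wrapped)

    def __getattr__(self, name):
        return getattr(object.__getattribute__(self, "_wrapped"), name)

    def __setattr__(self, name, value):
        raise Unauthorized(name)


def removeSecurityProxy(obj):
    """Stand-in for the real function: return the naked object."""
    if isinstance(obj, ToyProxy):
        return object.__getattribute__(obj, "_wrapped")
    return obj


class Build:
    """Constructed sample object; 'status' is written by the system only."""

    def __init__(self):
        self.status = "pending"
        self.owner = "alice"


def record_result_inline(build):
    # The system records a result the user may not set. Unwrap and write in
    # one expression so no name ever refers to the naked object.
    removeSecurityProxy(build).status = "built"


def record_result_scoped(build, log):
    # Several steps need the naked object, so it is bound to a name, and the
    # binding is deleted as soon as the privileged work is done.
    naked = removeSecurityProxy(build)
    try:
        naked.status = "built"
        log.append(naked.owner)
    finally:
        del naked  # any later use of 'naked' now fails with a NameError
```

After either function returns, the caller still holds only the proxied object, so later writes are checked again.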

