On Wed, Mar 08, 2006 at 11:14:59PM +0100, yuppie wrote: > Paul Winkler wrote: > >On Wed, Mar 08, 2006 at 10:52:09PM +0100, yuppie wrote: > >>You could access the edit view with 'edit.html' instead of > >>'@@edit.html', but that has a major drawback: View names are not > >>protected in any way if used without '@@'. You can easily screw up your > >>site by adding content with the ID 'edit.html'. > > > >Could you elaborate? Does "not protected" mean that security > >is bypassed??? or what? > > Sorry. I thought the context makes clear what I mean. Protected against > overriding. Any user who is allowed to add content can override them > with content objects.
Ah, obvious in retrospect. I totally mis-parsed your message. Thanks. -- Paul Winkler http://www.slinkp.com _______________________________________________ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
