HI Jim > Betreff: Re: AW: [Zope-dev] Re: Request typing (to get the > xmlrpc layer discussionfinished)
[...] > > Configure views on layers will prevent us form backdoors if > we reuse > > this easy installable eggs ;-) > > > > Here is a simple sample of such a built-in backdoor: > > > > At our fresh zope installation: > > http://localhost:8080/@@absolute_url > > > > Of corse it's not this dangerous, but it shows you what I mean. > > > How do skins avoid this? Let me explain first how I define layer and skins. - A layer is a configuration discriminator (request type) for traversable components. - A named skin (configuration) makes it possible to traverse components using a context and this layer as disriminator as url path. This means in my point of view a layer is a concept which offers a configuration namespace which somebody can use or not. If a layer has allready defined views it doesn't affect anything till we map this layer as traversable namespace. By a traversable namespace I mean the layer registered by its traversable name. Also called skin and accessible by ++skin++Name. If we register "absolute_url" in a layer which isn't used in a skin, then this view is not available as traversable view because of the missing layer/named skin configuration. Regards Roger Ineichen > Jim > > -- > Jim Fulton > Zope Corporation > > > _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
