On Monday 27 August 2007 23:05, Roger Ineichen wrote:
> Are you all sure you understand the need of a layer in every
> kind of request? It's about permission registration and not
> skinning.

If it is not about skinning, it should not be done with layers. What I think Christian is trying to do is to create different *namespaces* for an external API. I think that pluggable traversers or a custom namespace (maybe ++ns++<name>) would be a much less confusing solution.

> Since the skin directive is gone, layers also support the
> skinning concept. But the main reason for layers is still
> offering a security namespace.

I disagree. I have *never* thought of it as a security namespace. I think of it as a *user interface* functionality namespace.

> In short
> --------
>
> "skin support in xmlrpc" --> No
> "layer support in xmlrpc" --> Yes, it's a security issue!
>
> Layers allow us to use different security registrations
> for the same view in different projects.

Have we ever used layers in this way? Can you give me an example or use case?

The more I think about it, the more I think you are wrong. ;-) If you cannot access an action with certain credentials, then you are denied access to the API call. Having different semantics based on credentials for a given API call is a bad idea. You are better served having two functional namespaces. I think a pluggable traverser plugin best implements such a namespace for XML-RPC.

> security issue
> --------------
>
> Let's say you have an app offering an XML-RPC server
> shutdown view. You would do the following:
>
> 1. Register a public and a private skin
> 2. Register the XML-RPC view to the layer used by the private skin
> 3. Run Zope at port 8080, blocked from outside by a firewall
> 4. Use Apache rewrite rules and point to the public and private skin,
>    e.g. private.foo.com and public.foo.com
> 5. Use a rewrite rule and point to the private skin, restricting
>    access to an internal network or some IP addresses.
>
> How would you restrict access from the public skin to the XML-RPC
> view without the layer support used in step 2?

The solution is pretty straightforward using a pluggable traverser. After all, pluggable traversers were designed to be maximally flexible and to allow all possibilities, which includes "simulating" skins, if you want.

Regards,
Stephan

-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
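The following is an added illustration of the design Stephan argues for in this thread, not code from the message or from Zope itself. It does not use Zope's publisher or traversal API; the `NamespaceTraverser`, `ViewRegistry` and `Request` classes, the `app.ShutdownServer` permission name and the sample views are all constructed for the example. Only the `++ns++<name>` path convention comes from the mail. The point it shows is that when the public and private APIs are separate functional namespaces, the public namespace simply has no `shutdown` view to protect, and the private namespace enforces an ordinary permission on it; no per-layer security registration is needed, and the network-level restriction of `private.foo.com` stays in Apache where the mail puts it.

```python
"""Functional API namespaces resolved by a small pluggable traverser.

Added example only: not Zope's real traversal machinery. Class names,
permission names and views are assumptions made for the illustration.
"""
import re
from dataclasses import dataclass, field


class NotFound(Exception):
    """Path does not resolve to a registered view in that namespace."""


class Unauthorized(Exception):
    """View exists but the principal lacks the required permission."""


@dataclass(frozen=True)
class Request:
    principal: str
    permissions: frozenset  # permissions granted to the authenticated principal


@dataclass
class ViewRegistry:
    # namespace -> view name -> (required permission or None, callable)
    views: dict = field(default_factory=dict)

    def register(self, namespace, name, permission, view):
        self.views.setdefault(namespace, {})[name] = (permission, view)

    def lookup(self, namespace, name):
        try:
            return self.views[namespace][name]
        except KeyError:
            raise NotFound(f"{namespace}/{name}") from None


# Matches the ++ns++<name> namespace segment mentioned in the mail.
NS_SEGMENT = re.compile(r"^\+\+ns\+\+([A-Za-z0-9_-]+)$")


class NamespaceTraverser:
    """Resolves '/++ns++private/shutdown' to a view and checks its permission.

    A path without a namespace segment resolves in the default (public)
    namespace, so the public API never sees views registered only privately.
    """

    def __init__(self, registry, default_namespace="public"):
        self.registry = registry
        self.default_namespace = default_namespace

    def traverse(self, request, path):
        segments = [s for s in path.strip("/").split("/") if s]
        namespace = self.default_namespace
        if segments:
            match = NS_SEGMENT.match(segments[0])
            if match:
                namespace = match.group(1)
                segments = segments[1:]
        if len(segments) != 1:
            raise NotFound(path)
        permission, view = self.registry.lookup(namespace, segments[0])
        # Access is all-or-nothing: same view, same semantics, or no access.
        if permission is not None and permission not in request.permissions:
            raise Unauthorized(f"{request.principal} lacks {permission}")
        return view


# Sample views (constructed); a real one would stop the server.
def shutdown_view(request):
    return "server shutting down"


def status_view(request):
    return "ok"


def build_registry():
    reg = ViewRegistry()
    reg.register("public", "status", None, status_view)
    reg.register("private", "status", None, status_view)
    # 'app.ShutdownServer' is a constructed permission name for this example.
    reg.register("private", "shutdown", "app.ShutdownServer", shutdown_view)
    return reg


def call(path, principal, permissions=()):
    """Dispatch one request; returns the view result or an HTTP-style status."""
    traverser = NamespaceTraverser(build_registry())
    request = Request(principal, frozenset(permissions))
    try:
        return traverser.traverse(request, path)(request)
    except NotFound:
        return "404"
    except Unauthorized:
        return "401"


if __name__ == "__main__":
    print(call("/status", "anonymous"))                                  # ok
    print(call("/shutdown", "anonymous"))                                # 404
    print(call("/++ns++private/shutdown", "ops", ["app.ShutdownServer"]))  # server shutting down
    print(call("/++ns++private/shutdown", "staff"))                      # 401
```

The same view name behaves identically for every caller within a namespace; what differs between `public` and `private` is which views exist at all, which is the "two functional namespaces" separation rather than credential-dependent semantics for one API call.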