← Back to team overview

launchpad-dev team mailing list archive

Re: warning: we will soon have much noise in the test results...

 

On Monday 26 July 2010 10:29:56 Robert Collins wrote:
> Lastly, and here I expose my ignorance of some subtleties in zope - I
> thought security proxies only lived between view and model objects,
> not between model objects?

That's right.  Once the code inside a proxied object is running, it's 
effectively security-free and can see objects that the code outside of it 
would not normally be able to access.

We need to be careful about this, because there's no protection against 
returning data to the caller that it should not see.



Follow ups

References