On Thu, 2003-05-08 at 19:29, tshumway@... wrote:
> > My idea was to use the new "metaclass" feature in concert with some of
> > its the new low-level methods to implement read, write, execute security
> > on the sub-object (attribute) level. Then, an application level class
> > (like a CMS object) could inherit from this security class and have
> > easy/transparent security.
> But if the higher level application class overrides the low-level methods,
> goodbye security.
I think you're looking at this wrong -- hard security, like Zope uses,
is one thing, but this is soft security. *All* the code is trusted.
This is about making a framework so that code can see whether the
logged-in user is sufficiently trusted. At least that's how I read it
-- and certainly what I'd be looking for, since untrusted code is way
too difficult to work with (and the limitations it creates are one of
the things that makes Zope so hard to work with as a Python programmer).
> > Stuff we're interested in:
> > - is this likely to be future-proof with python's evolution?
> Given the state of flux with attribute access, descriptors, etc. I would be very
I don't think there's any flux. 2.2 has been out for a while, 2.3 makes
no changes on this front, and there's clearly a commitment to the
semantics of new style classes. Even in 3.0 I wouldn't expect any
changes. Guido et. al. have specifically expressed their commitment to
not changing this stuff.