path: root/docs/devel_guide_src/safeDelegation.tex
Diffstat (limited to 'docs/devel_guide_src/safeDelegation.tex')
-rwxr-xr-x docs/devel_guide_src/safeDelegation.tex 44
1 files changed, 44 insertions, 0 deletions
diff --git a/docs/devel_guide_src/safeDelegation.tex b/docs/devel_guide_src/safeDelegation.tex
new file mode 100755
index 0000000..dd1a8aa
--- /dev/null
+++ b/docs/devel_guide_src/safeDelegation.tex
@@ -0,0 +1,44 @@
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\section{Safe Delegation}
+\label{safeDelegation}
+
+% @@MO: Does this really belong in the Developers' Guide or any guide?
+% It's more of a wiki Wishlist item, no? Especially since nobody has
+% expressed a need for it.
+
+Safe delegation, as provided by Zope and Allaire's Spectra, is not implemented
+in Cheetah. The core aim has been to help developers and template maintainers
+get things done, without throwing unnecessary complications in their
+way. So you should give write access to your templates only to those whom you
+trust. However, several hooks have been built into Cheetah so that safe
+delegation can be implemented at a later date.
+
+It should be possible to implement safe delegation via a future configuration
+Setting \code{safeDelegationLevel} (0=none, 1=semi-secure, 2-alcatraz). This
+is not implemented but the steps are listed here in case somebody wants to try
+them out and test them.
+
+Of course, you would also need to benchmark your code
+and verify it does not impact performance when safe delegation is off, and
+impacts it only modestly when it is on." All necessary changes can be made
+at compile time, so there should be no performance impact when filling the
+same TO multiple times.
+
+\begin{enumerate}
+
+\item Only give untrusted developers access to the .tmpl files.
+(Verifying what this means. Why can't trusted developers access them?)
+
+\item Disable the \code{\#attr} directive and maybe the \code{\#set} directive.
+
+\item Use Cheetah's directive validation hooks to disallow
+references to \code{self}, etc
+(e.g. \code{\#if \$steal(self.thePrivateVar)} )
+
+\item Implement a validator for the \$placeholders and use it
+to disallow '\_\_' in \$placeholders so that tricks like
+\code{\$obj.\_\_class\_\_.\_\_dict\_\_} are not possible.
+
+\end{enumerate}
+
+
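Review bot: Items 3 and 4 of the enumerate list read as if they close the hole, but item 3 trails off in "etc" after naming only \code{self}, and item 4 says tricks like \code{\$obj.\_\_class\_\_.\_\_dict\_\_} "are not possible" once '\_\_' is disallowed, which is a stronger claim than an untested denylist supports. Since the paragraph above already says none of this is implemented, either list the names the directive validation hook must reject or say plainly that the steps are a starting point and not a complete sandbox. Item 1 also ships with an unresolved editorial question in the rendered text ("Verifying what this means. Why can't trusted developers access them?"); resolve it or move it into a % comment like the @@MO note at the top, because as written the first step of the procedure is ambiguous. Smaller points in the same hunk: "2-alcatraz" should be "2=alcatraz" to match "0=none, 1=semi-secure"; there is a stray closing quote after "modestly when it is on." with no opening quote; "TO" is used without being expanded; and the file is added with mode 100755, which a .tex source does not need.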