diff options
| author | Steve Piercy <web@stevepiercy.com> | 2016-01-27 10:54:43 -0800 |
|---|---|---|
| committer | Steve Piercy <web@stevepiercy.com> | 2016-01-27 10:54:43 -0800 |
| commit | 4df9a09807a844192e7769489d452a071b59c80c (patch) | |
| tree | e8523f4eca7a91b28edb40ac0abdedebc6af290d /docs/designdefense.rst | |
| parent | 802c3f69b29a4c3ba2af68f0265372dce08e5bcc (diff) | |
| download | pyramid-4df9a09807a844192e7769489d452a071b59c80c.tar.gz pyramid-4df9a09807a844192e7769489d452a071b59c80c.tar.bz2 pyramid-4df9a09807a844192e7769489d452a071b59c80c.zip | |
minor grammar fixes, rewrap to 79 columns, in section "Zope 3 Enforces 'TTW'..."
Diffstat (limited to 'docs/designdefense.rst')
| -rw-r--r-- | docs/designdefense.rst | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/designdefense.rst b/docs/designdefense.rst index f757a8e70..b7aca07ea 100644 --- a/docs/designdefense.rst +++ b/docs/designdefense.rst @@ -840,17 +840,16 @@ application deployment modifications instead, as if you were deploying an application written using any other web framework. -Zope 3 Enforces "TTW" Authorization Checks By Default; Pyramid Does Not +Zope 3 Enforces "TTW" Authorization Checks by Default; Pyramid Does Not ----------------------------------------------------------------------- Challenge +++++++++ :app:`Pyramid` performs automatic authorization checks only at :term:`view` -execution time. Zope 3 wraps context objects with a `security proxy -<http://wiki.zope.org/zope3/WhatAreSecurityProxies>`_, which causes Zope 3 to -do also security checks during attribute access. I like this, because it -means: +execution time. Zope 3 wraps context objects with a `security proxy +<http://wiki.zope.org/zope3/WhatAreSecurityProxies>`_, which causes Zope 3 also +to do security checks during attribute access. I like this, because it means: #) When I use the security proxy machinery, I can have a view that conditionally displays certain HTML elements (like form fields) or @@ -882,7 +881,7 @@ web framework. And since we tend to use the same toolkit for all web applications, it's just never been a concern to be able to use the same set of restricted-execution -code under two web different frameworks. +code under two different web frameworks. Justifications for disabling security proxies by default notwithstanding, given that Zope 3 security proxies are viral by nature, the only requirement @@ -895,6 +894,7 @@ Zope3-security-proxy-wrapped objects for each traversed object (including the :term:`context` and the :term:`root`). This would have the effect of creating a more Zope3-like environment without much effort. + .. _http_exception_hierarchy: Pyramid uses its own HTTP exception class hierarchy rather than :mod:`webob.exc` |