Op dinsdag 30 mei 2006 01:24, schreef Jeremy Epstein:
What about if modules (or even themes) need to "see" certain values, for some kind of conditional logic, but the users aren't allowed to access them? In this case, your security model either can't be implemented, or would have to be hacked around; and "opt-out security" would be a better option.
Nothing, absolutely nothing, should hold a module from loading data. If possible there should be proper apis for all that. But if they do so, they ACTIVELY go out and collect that data, thus knowing how ot handle it. This is not the same as modules accidently showing something because they forgot to call a certain filter/hook/etc. Forgetting something is done very easily. and if your security model is built on top of "hoping that loads of people are not forgetting stuff", you have a very bad security model. Bèr