[development] CCK per field CRUD settings, caching complexity

Bèr Kessels ber at webschuur.com
Tue May 30 08:21:13 UTC 2006

Op dinsdag 30 mei 2006 01:24, schreef Jeremy Epstein:
> What about if modules (or even themes) need to "see" certain values,
> for some kind of conditional logic, but the users aren't allowed to
> access them? In this case, your security model either can't be
> implemented, or would have to be hacked around; and "opt-out security"
> would be a better option.

Nothing, absolutely nothing, should hold a module from loading data. If 
possible there should be proper apis for all that.
But if they do so, they ACTIVELY go out and collect that data, thus knowing 
how ot handle it. 
This is not the same as modules accidently showing something because they 
forgot to call a certain filter/hook/etc. Forgetting something is done very 
easily. and if your security model is built on top of "hoping that loads of 
people are not forgetting stuff", you have a very bad security model.


More information about the development mailing list