[development] CCK per field CRUD settings, caching complexity
Bèr Kessels
ber at webschuur.com
Tue May 30 08:21:13 UTC 2006
On Tuesday 30 May 2006 01:24, Jeremy Epstein wrote:
> What about if modules (or even themes) need to "see" certain values,
> for some kind of conditional logic, but the users aren't allowed to
> access them? In this case, your security model either can't be
> implemented, or would have to be hacked around; and "opt-out security"
> would be a better option.
Nothing, absolutely nothing, should hold a module from loading data. If
possible there should be proper APIs for all that.
But if they do so, they ACTIVELY go out and collect that data, thus knowing
how to handle it.
This is not the same as modules accidentally showing something because they
forgot to call a certain filter/hook/etc. Forgetting something is done very
easily, and if your security model is built on top of "hoping that loads of
people are not forgetting stuff", you have a very bad security model.
Bèr
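
The contrast drawn in this message, as an added example that is not part of the original post and is not Drupal or CCK code: a display path where the access filter is optional (and can be forgotten) next to one where it is always applied, with a separate explicit API for modules that actively need the raw value. All names (`load_raw`, `render_filter_optional`, `render_filtered_by_default`, the permission strings) are hypothetical and the data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Field:
    value: str
    view_perm: str  # permission a user needs to see this field

@dataclass
class Node:
    fields: dict

@dataclass
class User:
    perms: set = field(default_factory=set)

def load_raw(node, name):
    """Explicit API: the caller actively asks for the unfiltered value
    (e.g. for conditional logic) and owns what happens to it next."""
    return node.fields[name].value

def access_filter(node, user, names):
    """Keep only the fields this user has permission to view."""
    return [n for n in names if node.fields[n].view_perm in user.perms]

def render_filter_optional(node, user, module_filter=None):
    """Model built on 'hoping nobody forgets': output is unfiltered
    unless the rendering module remembers to pass the access filter."""
    names = list(node.fields)
    if module_filter is not None:
        names = module_filter(node, user, names)
    return {n: node.fields[n].value for n in names}

def render_filtered_by_default(node, user):
    """Display path always applies the access check; there is no
    call for a module author to forget."""
    allowed = access_filter(node, user, list(node.fields))
    return {n: node.fields[n].value for n in allowed}

# Constructed sample data
node = Node({"title": Field("Hello", "access content"),
             "salary": Field("50000", "view salary field")})
visitor = User({"access content"})

def demo():
    forgot = render_filter_optional(node, visitor)   # filter forgotten: leaks
    default = render_filtered_by_default(node, visitor)
    # A module may still read the hidden value for its own logic.
    badge = "senior" if int(load_raw(node, "salary")) > 40000 else "junior"
    return forgot, default, badge
```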