Security Checkers Become Security Proxy Factories
Status: IsProposal
Author
Problem
The process for creating security proxies is a bit inflexible. Currently, the process for creating a security proxy is:
- Select a checker
- Call zope.security.proxy.Proxy, passing the object and the checker.
Sometimes, we want to change the way this works:
- We want "untrusted adapters". Untrusted adapters have the property that, when you proxy them, you rebind them to security proxied objects.
- In Zope 2, we'd like to try to use a "milder" security proxy that is backward compatible with Zope 2 while still giving us an important advantage of proxies, namely that we don't have to rely (very much) on custom compilation of Python code.
We want the mechanism for creating proxies to be determined by the security declarations, which are expressed by the checkers.
Proposal
I propose to make security checkers callable. The process for creating a security proxy would become:
- Select a checker
- Call the checker, passing the object.
Then custom checkers can be used to provide specialized proxy creation.
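A minimal Python model of the proposal, added here as an illustration and not taken from zope.security: Proxy, Checker, Forbidden, UntrustedAdapterChecker, proxy_for and the sample classes are simplified, hypothetical stand-ins. It shows a callable checker acting as the proxy factory, and a custom checker that does the "untrusted adapter" rebinding described under Problem.

```python
# Toy model of the proposal. Proxy, Checker and Forbidden are simplified
# stand-ins written for this example, not zope.security's implementation.
class Forbidden(Exception):
    pass

class Proxy:
    __slots__ = ("_obj", "_checker")
    def __init__(self, obj, checker):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_checker", checker)
    def __getattribute__(self, name):  # every read goes through the checker
        obj = object.__getattribute__(self, "_obj")
        object.__getattribute__(self, "_checker").check_getattr(obj, name)
        return getattr(obj, name)
    def __setattr__(self, name, value):  # this toy proxy is read-only
        raise Forbidden(name)

class Checker:
    def __init__(self, allowed):
        self.allowed = frozenset(allowed)
    def check_getattr(self, obj, name):
        if name not in self.allowed:
            raise Forbidden(name)
    def __call__(self, obj):  # proposed: the checker is the proxy factory
        return Proxy(obj, self)

class UntrustedAdapterChecker(Checker):
    """Rebinds the adapter to a proxied context, then proxies the adapter."""
    def __call__(self, adapter):
        if type(adapter.context) is not Proxy:
            adapter.context = proxy_for(adapter.context)
        return Proxy(adapter, self)

class Document:  # constructed sample content object
    title, secret = "Q3 plan", "constructed sample value"

class TitleAdapter:  # constructed sample adapter
    def __init__(self, context):
        self.context = context
    def shout(self):
        return self.context.title.upper()
    def leak(self):
        return self.context.secret

CHECKERS = {Document: Checker({"title"}),
            TitleAdapter: UntrustedAdapterChecker({"shout", "leak"})}

def proxy_for(obj):
    checker = CHECKERS[type(obj)]  # 1. select a checker
    return checker(obj)            # 2. call the checker, passing the object
```

Because the adapter's context is rebound to a proxy, the adapter's own code is held to the context's checker: shout() succeeds, while leak() is refused even though the adapter's checker allows calling it.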
Risks
- The IChecker interface will grow a __call__ method. I doubt that anyone has created custom checkers without subclassing the standard ones. If they have, then there could be a backward compatibility issue.
- This will be slightly slower. Hopefully, the impact will be too small to matter.
