-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dieter Maurer wrote:
yuppie wrote at 2006-3-15 11:23 +0100:
... Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id-patch described above doesn't allow to override folder methods.
Maybe, the "checkValidId" should refuse to add an object with an id that hides a view declared for this folder and not reject any id that might (potentially) hide a view because it starts with "@" or "+"...
This would prevent the security concerns you seem to have and allows for most ids to be accepted...
Such objects would still suffer from potential future namespace clashes with views not yet declared, or even not yet appropriate to the object in its current state (e.g, should it acquire a new marker interface, its set of views would be larger). I would think that the reasonable thing to do here is to make the "id validation" policy pluggable (e.g., via an adapter), so that users with different needs can supply appropriate policies. The question then becomes which policy should be the default. Given that such IDs are only recently possible in Zope, I would say using a more restrictive policy by default would be sensible. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEGLUt+gerLs4ltQ4RAiHvAJ9MYRbR7xARubp/yX6W22tABURpxwCff4Ls /Ru0OVluMzODwSge3eAhf7U= =f/Iz -----END PGP SIGNATURE-----