-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hanno Schlichting wrote:
Tres Seaver wrote:
Using __setitem__ and __delitem__ has security implicatinos for untrusted code: how are you addressing them?
Maybe I'm missing some knowledge about the security machinery then. I thought the methods wouldn't be available to untrusted code at all, as they start with an underscore. You simply won't be able to write om['id'] in untrusted code and still need to use the existing API.
You don't access them by name when doing 'del om["id"]' or 'om["id"] = None', so the underscore doesn't matter. I just tried from a PythonScript and got a TypeError out of the RestrictedPython.Guards module, so I guess that the obvious cases are covered. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJotb/+gerLs4ltQ4RAl9eAKCr/dhaosmwFj4xlLFgQ7yu8o+Y2wCfR+Qp Civwmg8YYSw7mtIaP5xlS1w= =NdGJ -----END PGP SIGNATURE-----