5 Jun
2000
5 Jun
'00
4:05 p.m.
----- Original Message ----- From: Toby Dickenson <mbel44@dial.pipex.net>
I dont think that's going to fly. It's perfectly ok for a persistant object to contain something that shouldn't be creatable.
True enough. Further thought has made me realize that a persistent object could contain only valid instances and values, yet still subvert security simply by playing with normally inaccessible instance attributes (eg. import an acl_users containing a user with roles you don't possess). Doing things right would involve inspecting each unpickled object minutely to make sure it didn't have a bomb in its guts. Security is hard :-/ Cheers, Evan @ digicool & 4-am