On Fri, 23 Mar 2007 16:16:55 +0100 Andreas Jung <lists@zopyx.com> wrote:
--On 23. März 2007 16:09:15 +0100 flem <flem@bjerke.dk> wrote:
I think this kind af date-deadlock is a vulnerability of the zope architecture. Is it the same thing with zope3? Isn't it an unnecessary vulnerability that an open zwiki comments field - or any other object making act open to the public where the anyone can set the date - can corrupt the time system irrepairbly.
Shouldn't there be some solutions:
1. A script could reset all relevant dates and the timestamp i the zodb.
2. The zope code should be changed so that the timestamp depended directly on the pc-clock notwithstanding the dates of the objects thus allowing for going backward in time.
I am not getting the point. What do you want to tell us?
That I think it is a vulnerability that a person can irrepairably corrupt zope's date system by sending one request with a wrong date (in my case using the default open comment opportunity in zwiki). Is this a vulnerability that also exists in zope3? Flemming