Flemming Bjerke wrote:
On Fri, 23 Mar 2007 16:16:55 +0100 Andreas Jung <lists@zopyx.com> wrote:
--On 23 March 2007 16:09:15 +0100 flem <flem@bjerke.dk> wrote:
I think this kind of date-deadlock is a vulnerability of the zope architecture. Is it the same thing with zope3? Isn't it an unnecessary vulnerability that an open zwiki comments field - or any other object making act open to the public where anyone can set the date - can corrupt the time system irreparably?
Shouldn't there be some solutions:
1. A script could reset all relevant dates and the timestamp in the zodb.
2. The zope code should be changed so that the timestamp depended directly on the pc-clock notwithstanding the dates of the objects thus allowing for going backward in time.
I am not getting the point. What do you want to tell us?
That I think it is a vulnerability that a person can irreparably corrupt zope's date system by sending one request with a wrong date (in my case using the default open comment opportunity in zwiki).
Well, but this one can't be true. ZODB time stamps are generated in the ZODB layer and not taken from request. In fact, the concept of a request is completely unknown to ZODB.
Regards
Tino