[ZODB-Dev] ZEO pack

Toby Dickenson tdickenson@geminidataloggers.com
Tue, 9 Oct 2001 17:30:52 +0100


> > If it is possible for a through-the-web user to arrange for 
> the value
> > of the 'wait' parameter to be a cyclic object then zrpc.py will
> > explode, and the ZEO client process (ie Zope) will dump core.
> 
> Is this another thing that can only occur if you have 
> semi-trusted users who can
> write TTW code?

At the moment there is no such bug.

Exactly who can exploit any future bug obviously depends on the nature of
that bug. semi-trusted have more tools available that may allow them to
exploit any bug. Thats why they are trusted, right?

I dont see any bug in this area would be any different.

(ps sorry I missed the UK Zope meet)