[Zope-dev] Request For Comments: SecurityJihad

R. David Murray bitz@bitdance.com
Tue, 14 Aug 2001 12:31:47 -0400 (EDT)


On Tue, 14 Aug 2001, Casey Duncan wrote:
> Changing that behavior (which admittedly is unintuitive if not worse),
> would break the vast majority of existing products. Why not go the other
> direction and make it so new products must subclass a new base class
> "DamnSecure" or somesuch that the ZPublisher looks for in order to alter
> that behavior (and others gracefully). Products that do not use this
> base class would cause a security warning to be outputted to the console
> and/or logs.

As I understand it, this is effectively what the proposal does,
except that instead of a new base class it is triggered simply by
the use of the (relatively new) declarative security directives.
I do not think the vast majority of existing products use the new
security declarations, and I would consider breakage among those
that do to be something worth going through in order to make the
new security mechanisms "clean".  Arguably any product that uses
the new security stuff should be expecting the documented behavior
that the proposal is trying to get enforced, and so those products
are already broken, the bugs just haven't been detected yet.  The
proposal also contains a shortcut way for those product authors
(or users) to get the broken product working again, by using new
declarations to...well, turn the bugs back on.

For those older products that do not use declarative security, the
status quo ante would still hold.

--RDM