[Zope-dev] strange priv leak
Paul Winkler
pw_lists@slinkp.com
Mon, 19 May 2003 10:48:08 -0400
On Mon, May 19, 2003 at 12:34:44PM -0400, Shane Hathaway wrote:
> The same thing changed for integers and strings (and probably all other
> built-in types). The __doc__ check has always been hackish anyway. Ideas?
Start declaring security on stuff that's traditionally
relied on having no docstring?

I know, big job :-( A quick bit of grepping turns up 59 .py files
that do something with manage_options, and a quick browse of
some of the results suggests that manage_options is typically a
class-level tuple with no security declarations.

Which of course makes me wonder what else, besides manage_options,
typically lacks security declarations...
Alternatively (I really really hate to suggest this)
we could add some checks to BaseRequest.traverse()
such that built-in types are not publishable.
I hate to suggest it because:

1) traverse is already 266 lines long!

2) it could sometimes be really handy to have trivial
publishable attributes that are built-in types,
either for inspecting the state of an object via a browser or for
RAD development of an app in the REST style
(Representational State Transfer - see
http://webservices.xml.com/pub/a/ws/2002/02/06/rest.html
for an intro). I could imagine implementing something like:
    class BoxOfTools(SimpleItem):
        ...
        security.declarePublic('hammers')
        hammers = 0
        security.declarePublic('screwdrivers')
        screwdrivers = 0
        ...
        def __init__(self, ... hammers, screwdrivers):
            self.hammers = hammers
            self.screwdrivers = screwdrivers
        # code to handle PUT goes here
Now an app using my server can visit http://server:8080/MyToolboxInstance/hammers
to find out how many hammers the instance at that URL has, and
can use http PUT to modify the instance. Neat way to work, and
without built-in types being publishable it's just a bit more work:
    ...
    security.declarePublic('hammers')
    def hammers(self):
        """get the hammer count"""
        return str(self._hammers)
    ...
Admittedly this is a pretty small difference, and a silly example,
but there's something really appealing about the simplicity of the
first example.
--
Paul Winkler
home: http://www.slinkp.com
"Muppet Labs, where the future is made - today!"
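As an added illustration (not code from this thread or from Zope), here is a toy model of the docstring-based publishability rule and of the proposed "built-in types need an explicit declaration" check, showing why an undeclared class-level tuple like manage_options leaks once built-in values carry a __doc__. SecurityInfo and the name__roles__ marker are simplifying assumptions that only mimic what ClassSecurityInfo and InitializeClass do.

```python
# Constructed example: a minimal stand-in for Zope's publishability checks.
# Nothing here is Zope's real API; it models the rule under discussion.

BUILTIN_TYPES = (int, float, str, bytes, tuple, list, dict)


class SecurityInfo:
    """Assumption: mimics ClassSecurityInfo.declarePublic + InitializeClass."""

    def __init__(self):
        self.public = set()

    def declarePublic(self, name):
        self.public.add(name)

    def apply(self, cls):
        # Zope marks public attributes with <name>__roles__ = None on the class;
        # None means "anyone may access". Modelled here, not the real machinery.
        for name in self.public:
            setattr(cls, name + "__roles__", None)


class BoxOfTools:
    security = SecurityInfo()
    # Undeclared class-level tuple: the manage_options pattern from the thread.
    manage_options = ({"label": "Edit", "action": "manage_main"},)
    security.declarePublic("hammers")
    hammers = 0

    def __init__(self, hammers):
        self.hammers = hammers


BoxOfTools.security.apply(BoxOfTools)


def old_check(obj, name):
    """Historical rule: publishable iff the attribute value has a docstring.
    Built-in instances inherit their type's __doc__, so this now says yes to
    every int, str and tuple, declared or not: the leak."""
    value = getattr(obj, name)
    return bool(getattr(value, "__doc__", None))


def new_check(obj, name):
    """Proposed rule: a built-in value is publishable only when the owning
    class carries an explicit declaration; other objects keep the docstring rule."""
    value = getattr(obj, name)
    if isinstance(value, BUILTIN_TYPES):
        return hasattr(type(obj), name + "__roles__")
    return bool(getattr(value, "__doc__", None))
```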