[Zope-dev] C-extension in zope.i18nmessageid
Tres Seaver
tseaver at palladion.com
Tue Dec 23 16:36:50 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Marius Gedminas wrote:
> On Fri, Dec 12, 2008 at 12:45:27PM +0000, Malthe Borch wrote:
>>
>> Martijn Pieters wrote:
>>> The C extension is required to make messageids immutable. Because they
>>> are immutable, the security machinery can treat them as rocks, e.g.
>>> safe to pass around. Removing the C-extension undoes this, as you
>>> cannot make truely immutable.
>
>> I believe it is possible to do this in pure Python:
>
> I have doubts about that, but I don't think I'm smart enough to consider
> all the security implications.
I'm still waiting for somebody (Jim, Martijn, Marius) to outline *any*
security implication here: what kinds of attacks do you imagine become
possible if some nefarious user finds a way to mutate a message ID? And
are any such mutations feasible at all for applications which don't
allow untrusted users to write code? Note that preventing *programming
errors* is not sufficient justification in my mind: we already expect
Python developers to play as "consenting adults" inside of trusted code.
(later: Jim wrote me privately that he didn't have time to pursue the
qu estion, but thought the dicussion could go on).
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJUVny+gerLs4ltQ4RAuNaAJ447pPnJ06+5vByqYQK6sP6/gm5HgCdH6LF
Yz0hukR5bqNCO3IRQYAG+ks=
=Kfhh
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list