[Zope-dev] uuid.UUID as a rock in zope.security
Jim Fulton
jim at zope.com
Fri Apr 10 09:03:41 EDT 2009
On Apr 3, 2009, at 2:57 AM, Brian Sutherland wrote:
> Hi,
>
> We're using UUIDs a lot, and it's pretty painful that they are
> security
> proxied. They're in the standard library from python 2.5
> (http://docs.python.org/library/uuid.html) and are immutable according
> to the documentation.
"According to the documentation" isn't good enough.
> I think they meet all the all the requirements to be rocks. So unless
> someone complains, I'll commit the attached patch in a few days.
>>> u = uuid.UUID('{12345678-1234-5678-1234-567812345678}')
>>> u.__dict__['int'] = 1
>>> u
UUID('00000000-0000-0000-0000-000000000001')
This isn't exactly immutable. The protection system would prevent
this sort of mutation, but I'm still nervous about a rock implemented
in Python. We have to be darn sure that there isn't some sort of loop
hole here. Really we have to do this with any rock and I'm not sure
we have the formalisms necessary to guide this.
Oh wait:
>>> del u.int
>>> u
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/python/2.5.1/lib/python2.5/uuid.py", line 192, in
__repr__
return 'UUID(%r)' % str(self)
File "/usr/local/python/2.5.1/lib/python2.5/uuid.py", line 198, in
__str__
hex = '%032x' % self.int
AttributeError: 'UUID' object has no attribute 'int'
Oops. This would not be prevented by the protection system. -1 for
making uuids rocks.
Jim
--
Jim Fulton
Zope Corporation
More information about the Zope-Dev
mailing list