[Zope-dev] Broken authentication with zope.app.component 3.4.1 BBB code

Marius Gedminas marius at gedmin.as
Sun Jul 19 16:25:35 EDT 2009


On Sun, Jul 19, 2009 at 11:55:45AM -0400, Jim Fulton wrote:
> On Wed, Jul 15, 2009 at 4:08 PM, Marius Gedminas<marius at gedmin.as> wrote:
> ...
> > This is a pretty serious issue, so I'd appreciate some review from
> > people who know about local component registries.  The fix is here:
> >
> >  http://svn.zope.org/zope.app.component/?rev=101931&view=rev
> 
> Thanks for digging into this.
> 
> You should use a generation to fix the problem rather hacking
> __setstate__.  The hard part of this is figuring out where to put the
> generation. I wonder where that standard schema manager is. Maybe you
> should just create one for zope.app.component.

It used to be in zope.app.generations.  I don't know how exactly the
coordination for all that works now after the eggsplosion.

Note that zope.app.component currently implements most of its BBB via
__setstate__ methods that explicitly try to avoid dirtying the objects.
I don't know the rationale for that -- maintaining the ability to roll
back to ancient Zope without reverting transactions in Data.fs, or
perhaps just avoiding write-on-read semantics?  That's part of why I
asked for a review.

Marius Gedminas
-- 
http://pov.lt/ -- Zope 3 consulting and development
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20090719/29050f4c/attachment.bin 


More information about the Zope-Dev mailing list