[Zope-dev] Help review #181754

Christian Theune ct at gocept.com
Tue Jul 20 12:15:38 EDT 2010


On 07/20/2010 06:01 PM, Wichert Akkerman wrote:
> On 2010-7-20 17:39, Christian Theune wrote:
>> Hi,
>>
>> I just rejected issue
>> https://bugs.edge.launchpad.net/zope.app.testing/+bug/181754
>>
>> There might be room for different oppinions and if anyone would like to
>> veto the decision, I'd welcome a discussion.
>
> Your rejection contains an assumption that the request won't make it to
> the application. Is that assumption testable?

I guess so.

I think it's relatively clear that the application server should 
insulate the application from malignant requests.

The details probably depend on the HTTP implementation. zope.server, 
zope.app.twisted, Paster and others might deal with this differently. 
Looking at the interfaces between those parts of the application it 
makes no sense to have syntactially invalid requests end up on the 
application level.

At least, WRT this bug, I don't think it's a good idea to ask explicitly 
for bad requests to go to the application as the test layer should model 
real server behaviour as closely as possible. And again it wouldn't make 
sense anyway as you can't pass an unparsable request to the application.

Christian

-- 
Christian Theune · ct at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 0 · fax +49 345 1229889 1
Zope and Plone consulting and development



More information about the Zope-Dev mailing list