[Zope] Object's lines properties break code in Zope264rc2
Ausum Studio
ausum_studio at hotmail.com
Tue Feb 10 13:34:37 EST 2004
---- Original Message -----
From: "Brian Lloyd" <brian at zope.com>
> > An object with lines properties in Zope264rc2 returns a tuple, while in
> > Zope261 it returns a list.
> > I haven't found information about this, neither in the 264rc2's
> > changes log
> > nor within this list. Is it a bug or a new feature?
>
> It is a bug fix / security fix. Storing properties in lists
> is bad because lists are mutable and cannot be protected
> directly using security assertions. ...
I used to use that as a feature, though I agree that it can also be a
potential security breach. Maybe it's worth the pain to put that as a
configurable feature in z2.py, and the new standard as default.
Otherwise I'm afraid I'll have a rewriting weekend. Does this break code to
anyone else?
Ausum
> ... Theoretically, an evil-
> intentioned scripter could change a property if it is stored
> as a list (though they'd have to find some way to force the
> persistent state of the parent object to be saved for the
> change to be saved).
>
>
> Brian Lloyd brian at zope.com
> V.P. Engineering 540.361.1716
> Zope Corporation http://www.zope.com
>
>
>
More information about the Zope
mailing list