[Zope] How can I reset zope time???
Tino Wildenhain
tino at wildenhain.de
Sat Mar 24 04:38:32 EDT 2007
Flemming Bjerke schrieb:
> On Fri, 23 Mar 2007 16:16:55 +0100
> Andreas Jung <lists at zopyx.com> wrote:
>
>>
>> --On 23. März 2007 16:09:15 +0100 flem <flem at bjerke.dk> wrote:
>>
>>> I think this kind af date-deadlock is a vulnerability of the zope
>>> architecture. Is it the same thing with zope3? Isn't it an unnecessary
>>> vulnerability that an open zwiki comments field - or any other object
>>> making act open to the public where the anyone can set the date - can
>>> corrupt the time system irrepairbly.
>>>
>>> Shouldn't there be some solutions:
>>>
>>> 1. A script could reset all relevant dates and the timestamp i the zodb.
>>>
>>> 2. The zope code should be changed so that the timestamp depended
>>> directly on the pc-clock notwithstanding the dates of the objects thus
>>> allowing for going backward in time.
>>>
>> I am not getting the point. What do you want to tell us?
>>
> That I think it is a vulnerability that a person can irrepairably corrupt zope's date system by sending one request with a wrong date (in my case using the default open comment opportunity in zwiki).
>
Well, but this one can't be truth. ZODB time stamps are generated
in the ZODB layer and not taken from request. In fact, the concept
of a request is completely unknown to ZODB.
Regards
Tino
More information about the Zope
mailing list