[Zope] How can I reset zope time???
Jens Vagelpohl
jens at dataflake.org
Sat Mar 24 05:05:01 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24 Mar 2007, at 09:03, Flemming Bjerke wrote:
> That I think it is a vulnerability that a person can irrepairably
> corrupt zope's date system by sending one request with a wrong date
> (in my case using the default open comment opportunity in zwiki).
There is no "vulnerability". I think you're confusing a few things.
All I read from your description is that you, as the admin, used Undo
and even mucked with your database while having set the server to a
different time. That's no vulnerability, that's the admin user
messing with the database.
Requests don't have anything to do with either the ZODB time stamp or
any application time stamp. You should take a look at the code and
gain some better understanding of how the Wiki code generates or uses
dates. Date stamps are generated by taking the time as set on the
host machine. They are not generated from requests sent to the server.
jens
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFGBOm+RAx5nvEhZLIRAtOSAKCVrIpcYvZ/Nh0COEYn3scAbkmWlwCgropL
mVFgB/Qyn+mUNZLqzUqhbWE=
=Obim
-----END PGP SIGNATURE-----
More information about the Zope
mailing list