[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/security/_protections.py Configure zope.i18nmessageid.Message to be a brick. Add comments and a TODO

Gary Poster gary at zope.com
Fri Apr 15 12:11:46 EDT 2005


Log message for revision 30002:
  Configure zope.i18nmessageid.Message to be a brick.  Add comments and a TODO
  reminding that MessageID's brick status is problematic.
  
  

Changed:
  U   Zope3/trunk/src/zope/app/security/_protections.py

-=-
Modified: Zope3/trunk/src/zope/app/security/_protections.py
===================================================================
--- Zope3/trunk/src/zope/app/security/_protections.py	2005-04-15 14:57:03 UTC (rev 30001)
+++ Zope3/trunk/src/zope/app/security/_protections.py	2005-04-15 16:11:46 UTC (rev 30002)
@@ -21,7 +21,13 @@
 
     # Make sure the message id gets never proxied
     from zope.i18n.messageid import MessageID
+    from zope.i18nmessageid import Message
+    # TODO because MessageIDs are mutable, this is a security hole.  This hole
+    # is one of the primary reasons for the development of the Message 
+    # replacement.  See zope/i18nmessageid/messages.txt.
     defineChecker(MessageID, NoProxy)
+    # this, however, is not a security hole, because Messages are immutable.
+    defineChecker(Message, NoProxy)
 
     # add __parent__ and __name__ to always available names
     import zope.security.checker



More information about the Zope3-Checkins mailing list