[Zope3-dev] Layerd security proxies when using
__Security_checker__
Garrett Smith
garrett at mojave-corp.com
Sun Mar 13 11:54:51 EST 2005
Gary Poster wrote:
> __Security_checker__
>
>
>
> On Mar 13, 2005, at 12:29 AM, Garrett Smith wrote:
>
>> I'm running into a case where I'm getting a security-proxied security
>> proxy.
>
> ew. :-)
>
>> If I understand the code correctly, the implementation of Checker's
>> proxy method is at fault:
>>
>> def proxy(self, value):
>> checker = getattr(value, '__Security_checker__', None)
>> if checker is None: checker = selectChecker(value)
>> if checker is None:
>> return value
>> return Proxy(value, checker)
>>
>> This problem shows up in the first line for objects that provide
>> __Security_checker__. A proxy will happily return its proxied
>> object's __Security_checker__, causing it to become re-proxied.
>>
>> I believe `proxy` should explicitly check for security proxies:
>>
>> def proxy(self, value):
>> if type(value) is Proxy:
>> return value
>> ...
>>
>
> FWIW, my understanding is that this is best spelled with
> zope.proxy.isProxy:
>
> import zope.proxy
>
> def proxy(self, value):
> if zope.proxy.isProxy(value, Proxy):
> return value
> ...
>
> I believe that the difference between the two is that this code
> handles nested proxies, of which one might be a security proxy, and
> the "type(value) is Proxy" approach does not. Could be wrong.
I'm not positive, but I think this would be bad. We only want to avoid
re-wrapping an outermost security proxy. I don't think we want to assume
anything about nested proxies. I.e.
Proxy(Proxy(object, checker), checker)
is bad, but:
Proxy(MyCustomProxy(Proxy(object, checker)))
is a good thing. We can't assume anything about MyCustomProxy wrt the
security machinery.
-- Garrett
More information about the Zope3-dev
mailing list