On 03/01/2011 05:32 AM, Georges Dubus wrote:
> Hi there
>
> I was looking at the virginia sample application, and I have a few
> questions:
>
> - What mechanism protects the application from viewing the /../ dir?
> I know the open method from Filesystem checks the path before opening a
> file, but that doesn't explain that when going to the url
> http://localhost:6543/../
> , I am redirected to http://localhost:6543/../ .

I'm afraid the example doesn't defend against relative '..' at all.

> - Is there a reason so many interfaces are used? IFilesystem is never
> referenced outside of Filesystem, and IStructuredText isn't even
> implemented.
>
> Thanks for helping me understand that.

The pattern of registering views and adapters against interfaces, rather
than directly against classes, goes back to our Zope-ish roots. I think
some of those interfaces are actually left over from the time when Chris
re-wrote 'repoze.kiss' to function as a BFG-based application: in
'repoze.kiss', there were real views registered for all the interfaces.

Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
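
The containment check the question asks about, sketched as an added example (not code from the virginia sample or from either poster); `ContainedFilesystem`, its method names and the temporary directory tree are hypothetical and constructed for illustration. It contrasts a join-and-normalise lookup, which lets `..` climb above the root, with one that canonicalises the path and refuses anything outside the root, symlinks included.

```python
import os
import tempfile

class ContainedFilesystem:
    """Hypothetical stand-in for a Filesystem-style class (names assumed)."""

    def __init__(self, root_path):
        self.root_path = os.path.realpath(root_path)

    def naive_resolve(self, url_path):
        # Weak form: join and normalise only; '..' can climb above the root.
        return os.path.normpath(os.path.join(self.root_path, url_path.lstrip("/")))

    def resolve(self, url_path):
        # Hardened form: resolve '..' and symlinks, then require containment.
        candidate = os.path.realpath(os.path.join(self.root_path, url_path.lstrip("/")))
        if os.path.commonpath([self.root_path, candidate]) != self.root_path:
            raise PermissionError("path escapes root: %r" % (url_path,))
        return candidate

    def read(self, url_path):
        with open(self.resolve(url_path), "rb") as fh:
            return fh.read()

def is_blocked(fs, url_path):
    try:
        fs.resolve(url_path)
    except PermissionError:
        return True
    return False

def demo():
    # Constructed tree: <base>/site/index.txt is public, <base>/secret.txt is not.
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "site")
    os.mkdir(root)
    for path, body in ((os.path.join(root, "index.txt"), b"public"),
                       (os.path.join(base, "secret.txt"), b"private")):
        with open(path, "wb") as fh:
            fh.write(body)
    # A symlink inside the root that points outside it must also be refused.
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link.txt"))
    fs = ContainedFilesystem(root)
    return {
        "inside": fs.read("/index.txt"),
        "naive_escapes": fs.naive_resolve("/../secret.txt") == os.path.join(base, "secret.txt"),
        "dotdot_blocked": is_blocked(fs, "/../secret.txt"),
        "symlink_blocked": is_blocked(fs, "/link.txt"),
    }
```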