On Monday 15 June 2009 17:29:47 Gustavo Narea wrote:
> Hello.
>
> From time to time I get (mostly private) emails from TG users who
> complained because there was no way to evaluate predicate checkers
> implicitly (i.e., without passing the environ explicitly) and now complain
> because, although it's possible, I strongly discourage it.
>
> So here I'll elaborate on the warning I put on the repoze.what-pylons docs,
> so I won't have to repeat the explanation over and over and over again in
> different ways, and keep receiving complaints (even from the same people)
> nevertheless.
>
> First of all, keep in mind that this has nothing to do with this
> functionality being handy or not. I agree it's handy, but that's out of the
> scope of this thread. My goal is _not_ to discuss if it's handy or not, but
> why it should be avoided.
>
> OK, so here I go...
>
> The warning reads:
> "This functionality was implemented by popular demand, but it’s strongly
> discouraged by the author of repoze.what because it’s a monkey-patch which
> brings serious side-effects when enabled:
>
> 1.- Third-party components which handle repoze.what predicates may get
> erroneous values after evaluating a predicate checker (even if they don’t
> use this functionality!).
> 2.- If another non-Pylons-based application uses the same monkey-patch and
> you mount it on your application (or vice versa), the predicates used by
> both application will share the same WSGI environ.
>
> In the two scenarios above, it will lead to serious security flaws. So
> avoid it by all means! Use predicate evaluators instead."
Just a thought. You argue above with security-flaws creeping into code if
__nonzero__ is used.
I'd like to make the point for the opposite - *not* evaluating the predicate
automatically via __nonzero__ creates one.
Consider the following situation:
<div py:if="in_group('admin')"> Some super secret stuff </div>
Now without the patch, this gets evaluated to a predicate - in other words an
object which is not amongst the objects python automatically treats
as "False".
So unless you *do* provide a __nonzero__-method on Predicates that always
yields False, users are likely to create security-flaws by forgetting the
evaluator. But then the reasoning of #1 falls flat on it's face as well.
Diez
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
