----- Original Message -----
From: Toby Dickenson <[EMAIL PROTECTED]>
> I dont think that's going to fly. It's perfectly ok for a persistant
> object to contain something that shouldn't be creatable.
True enough. Further thought has made me realize that a persistent object
could contain only valid instances and values, yet still subvert security
simply by playing with normally inaccessible instance attributes (eg. import
an acl_users containing a user with roles you don't possess).
Doing things right would involve inspecting each unpickled object minutely
to make sure it didn't have a bomb in its guts.
Security is hard :-/
Cheers,
Evan @ digicool & 4-am
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )