----- Original Message -----
From: Toby Dickenson <[EMAIL PROTECTED]>

> I dont think that's going to fly. It's perfectly ok for a persistant
> object to contain something that shouldn't be creatable.

True enough.  Further thought has made me realize that a persistent object
could contain only valid instances and values, yet still subvert security
simply by playing with normally inaccessible instance attributes (eg. import
an acl_users containing a user with roles you don't possess).

Doing things right would involve inspecting each unpickled object minutely
to make sure it didn't have a bomb in its guts.

Security is hard :-/


Evan @ digicool & 4-am

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to