In playing around with some ideas for enhancing
ZClasses, I stumbled into the following:

Using getClassAttr, you can retrieve any attribute of
the Python ZClass including built-in ones like:


Somewhat more troubling is the fact that I can change
these values using setClassAttr, possibly hosing
things quite well. I don't know if this is a security
flaw, but it looks kinda iffy to me, especially

This is a consequence of the fact that these user
defined attributes are stored as straight class
attributes. Perhaps they need to be stored in a
dictionary in the ZClass, although this will
unfortunately complicate inheritance. At the least,
access to methods named _* should be restricted. I
will write a patch for this if it is deemed necessary.

Thoughts anyone?

| Casey Duncan
| Kaivo, Inc.

Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices!

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to