Casey Duncan wrote:
The security implications do not seem dire enough to me to warrent trying to squeeze this into 2.6.x. If you do not use versions then none of the implications apply. Perhaps it might be possible to do additional security checks to make entering versions more protected. This might be an appropriate change for 2.6.

My opinion on this is a little different. It's quite easy for anyone to make mischief on any Zope server that lets people make even minor changes to the site, such as giving feedback, posting a discussion item, etc. All you have to do is include a Zope-Version cookie in the request and your changes will place a lock on any objects that the request touches. Zope doesn't even check the validity of the Zope-Version cookie. Anyone who is not a ZODB expert would have a hard time bringing the site back to sanity.

I think 2.6 ought to fix this by disabling recognition of the Zope-Version cookie and disabling the creation of Version objects, with an option to re-enable.


Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to