
Dieter Maurer wrote:
> yuppie wrote at 2006-3-15 11:23 +0100:
>>Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder 
>>methods, Zope 3's NameChooser makes sure this doesn't happen with Zope 3 
>>folder views. Even the bad_id-patch described above doesn't allow 
>>overriding folder methods.
> Maybe, the "checkValidId" should refuse to add an object with
> an id that hides a view declared for this folder and not
> reject any id that might (potentially) hide a view because
> it starts with "@" or "+"...
> This would prevent the security concerns you seem to have
> and allows for most ids to be accepted...

Such objects would still suffer from potential future namespace clashes
with views not yet declared, or even not yet appropriate to the object
in its current state (e.g., should it acquire a new marker interface, its
set of views would be larger).

I would think that the reasonable thing to do here is to make the "id
validation" policy pluggable (e.g., via an adapter), so that users with
different needs can supply appropriate policies.  The question then
becomes which policy should be the default.  Given that such IDs are
only recently possible in Zope, I would say using a more restrictive
policy by default would be sensible.

--
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
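
The pluggable policy proposed in the message above, sketched as an added example (not code from the thread or from Zope): a plain dictionary stands in for the adapter lookup, and `Folder`, `POLICIES`, `restrictive` and `declared_only` are hypothetical names. It shows an id accepted under the "declared views only" rule hiding a view that is declared later, while the restrictive default refuses the id up front.

```python
# Added example: a dict stands in for the adapter lookup; all names are hypothetical.
from typing import Dict, Optional, Set

def restrictive(folder: "Folder", obj_id: str) -> Optional[str]:
    """Default policy: refuse any id that could ever name a view."""
    if obj_id[:1] in ("", "@", "+"):
        return f"{obj_id!r} is empty or starts with '@' or '+'"
    return None

def declared_only(folder: "Folder", obj_id: str) -> Optional[str]:
    """Looser policy: refuse only ids that hide a view declared right now."""
    if not obj_id or obj_id in folder.views:
        return f"{obj_id!r} is empty or hides a declared view"
    return None

POLICIES = {"restrictive": restrictive, "declared_only": declared_only}

class Folder:
    def __init__(self, views: Set[str], policy: str = "restrictive"):
        self.views = set(views)          # view names declared for this folder today
        self.policy = policy             # which registered policy validates new ids
        self.items: Dict[str, object] = {}

    def add(self, obj_id: str, obj: object) -> None:
        error = POLICIES[self.policy](self, obj_id)
        if error:
            raise ValueError(error)
        self.items[obj_id] = obj

    def shadowed_views(self) -> Set[str]:
        """Declared views that a stored object id now hides."""
        return self.views & set(self.items)

def demo() -> Set[str]:
    # Constructed scenario: "@@report" is not a view yet when the object is added.
    folder = Folder({"@@edit"}, policy="declared_only")
    folder.add("@@report", object())
    folder.views.add("@@report")         # e.g. a new marker interface brings a new view
    return folder.shadowed_views()

if __name__ == "__main__":
    print(demo())
```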


Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )
