-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marius Gedminas wrote: > On Fri, Dec 12, 2008 at 12:45:27PM +0000, Malthe Borch wrote: >> >> Martijn Pieters wrote: >>> The C extension is required to make messageids immutable. Because they >>> are immutable, the security machinery can treat them as rocks, e.g. >>> safe to pass around. Removing the C-extension undoes this, as you >>> cannot make truely immutable. > >> I believe it is possible to do this in pure Python: > > I have doubts about that, but I don't think I'm smart enough to consider > all the security implications.
I'm still waiting for somebody (Jim, Martijn, Marius) to outline *any* security implication here: what kinds of attacks do you imagine become possible if some nefarious user finds a way to mutate a message ID? And are any such mutations feasible at all for applications which don't allow untrusted users to write code? Note that preventing *programming errors* is not sufficient justification in my mind: we already expect Python developers to play as "consenting adults" inside of trusted code. (later: Jim wrote me privately that he didn't have time to pursue the qu estion, but thought the dicussion could go on). Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [email protected] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJUVny+gerLs4ltQ4RAuNaAJ447pPnJ06+5vByqYQK6sP6/gm5HgCdH6LF Yz0hukR5bqNCO3IRQYAG+ks= =Kfhh -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
