-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marius Gedminas wrote:
> On Fri, Dec 12, 2008 at 12:45:27PM +0000, Malthe Borch wrote:
>>
>> Martijn Pieters wrote:
>>> The C extension is required to make messageids immutable. Because they
>>> are immutable, the security machinery can treat them as rocks, e.g.
>>> safe to pass around. Removing the C-extension undoes this, as you
>>> cannot make truely immutable.
>
>> I believe it is possible to do this in pure Python:
> 
> I have doubts about that, but I don't think I'm smart enough to consider
> all the security implications.

I'm still waiting for somebody (Jim, Martijn, Marius) to outline *any*
security implication here:  what kinds of attacks do you imagine become
possible if some nefarious user finds a way to mutate a message ID?  And
are any such mutations feasible at all for applications which don't
allow untrusted users to write code?  Note that preventing *programming
errors* is not sufficient justification in my mind:  we already expect
Python developers to play as "consenting adults" inside of trusted code.

(later:  Jim wrote me privately that he didn't have time to pursue the
qu estion, but thought the dicussion could go on).



Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJUVny+gerLs4ltQ4RAuNaAJ447pPnJ06+5vByqYQK6sP6/gm5HgCdH6LF
Yz0hukR5bqNCO3IRQYAG+ks=
=Kfhh
-----END PGP SIGNATURE-----

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to