Hanno Schlichting wrote:
> Tres Seaver wrote:
>> Using __setitem__ and __delitem__ has security implications for
>> untrusted code: how are you addressing them?
>
> Maybe I'm missing some knowledge about the security machinery then. I
> thought the methods wouldn't be available to untrusted code at all, as
> they start with an underscore. You simply won't be able to write
> om['id'] in untrusted code and still need to use the existing API.

You don't access them by name when doing 'del om["id"]' or
'om["id"] = None', so the underscore doesn't matter.

I just tried from a PythonScript and got a TypeError out of the
RestrictedPython.Guards module, so I guess that the obvious cases are
covered.

Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999
Palladion Software   "Excellence by Design"    http://palladion.com
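
The point made in the reply above, as an added example that is not part of the original message and is not RestrictedPython's code: a check that only rejects underscore-prefixed names never sees `om["id"] = None` or `del om["id"]`, because subscript syntax reaches `__setitem__` and `__delitem__` without naming them. `ObjectManager`, `underscore_names`, `implicit_item_writes` and `run_untrusted` are hypothetical names, and the AST check is a simplified stand-in for a real write guard.

```python
import ast

class ObjectManager:
    """Constructed stand-in for a container with item assignment and deletion."""
    def __init__(self):
        self.data = {"id": "original"}
    def __setitem__(self, key, value):
        self.data[key] = value
    def __delitem__(self, key):
        del self.data[key]

def underscore_names(source):
    """Underscore-prefixed names the source spells out explicitly."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.append(node.attr)
        elif isinstance(node, ast.Name) and node.id.startswith("_"):
            found.append(node.id)
    return sorted(found)

def implicit_item_writes(source):
    """Subscript stores/deletes: they reach __setitem__/__delitem__ unnamed."""
    return sorted(
        (node.lineno, type(node.ctx).__name__)
        for node in ast.walk(ast.parse(source))
        if isinstance(node, ast.Subscript)
        and isinstance(node.ctx, (ast.Store, ast.Del))
    )

def run_untrusted(source, namespace, guard_items=True):
    """Toy policy check (not a sandbox): refuse the source or execute it."""
    if underscore_names(source):
        raise TypeError("names starting with '_' are not allowed")
    if guard_items and implicit_item_writes(source):
        raise TypeError("item assignment and deletion are not allowed")
    exec(compile(source, "<untrusted>", "exec"), {"__builtins__": {}}, namespace)

if __name__ == "__main__":
    script = 'om["id"] = None\ndel om["id"]'   # constructed sample input
    print(underscore_names(script))            # no underscore name appears
    print(implicit_item_writes(script))        # both statements are item writes
    om = ObjectManager()
    run_untrusted(script, {"om": om}, guard_items=False)
    print(om.data)                             # mutated despite the name check
```
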
