Tres Seaver wrote:
> Hanno Schlichting wrote:
>> Tres Seaver wrote:
>>> Using __setitem__ and __delitem__ has security implications for
>>> untrusted code: how are you addressing them?
>> Maybe I'm missing some knowledge about the security machinery then. I
>> thought the methods wouldn't be available to untrusted code at all, as
>> they start with an underscore. You simply won't be able to write
>> om['id'] in untrusted code and still need to use the existing API.
> 
> You don't access them by name when doing 'del om["id"]' or 'om["id"] =
> None', so the underscore doesn't matter.  I just tried from a
> PythonScript and got a TypeError out of the RestrictedPython.Guards
> module, so I guess that the obvious cases are covered.

Ok. I'll need to add more tests for these cases then.

Hanno
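
An added illustration of the point discussed above (not code from this thread, Zope, or RestrictedPython): a check keyed on underscore-prefixed names sees only the explicit method call, while the subscript statement forms reach `__setitem__` and `__delitem__` with no such name in the source. It uses only the standard library; `om` and `Recorder` are hypothetical stand-ins and the sample source is constructed.

```python
import ast

# Constructed sample of untrusted source; "om" is a hypothetical container.
UNTRUSTED = "om['id'] = None\ndel om['id']\nom.__setitem__('id', None)\n"

def underscore_names(tree):
    """Names and attributes starting with '_': all a name-based check can see."""
    found = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            found.append((node.lineno, node.attr))
        elif isinstance(node, ast.Name) and node.id.startswith("_"):
            found.append((node.lineno, node.id))
    return sorted(found)

def subscript_writes(tree):
    """Subscript stores and deletes, which dispatch to the dunder methods."""
    found = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Subscript):
            if isinstance(node.ctx, ast.Store):
                found.append((node.lineno, "__setitem__"))
            elif isinstance(node.ctx, ast.Del):
                found.append((node.lineno, "__delitem__"))
    return sorted(found)

def analyze(source):
    """Return (underscore name hits, subscript write hits) for the source."""
    tree = ast.parse(source)
    return underscore_names(tree), subscript_writes(tree)

class Recorder(dict):
    """Hypothetical container that records which dunder methods were reached."""
    def __init__(self):
        super().__init__()
        self.calls = []
    def __setitem__(self, key, value):
        self.calls.append(("__setitem__", key))
        super().__setitem__(key, value)
    def __delitem__(self, key):
        self.calls.append(("__delitem__", key))
        super().__delitem__(key)

def run_statement_forms():
    """Execute only the two statement forms and report the methods invoked."""
    om = Recorder()
    exec("om['id'] = None\ndel om['id']", {"om": om})
    return om.calls
```

A test suite for a container exposed to untrusted code therefore needs cases for the statement forms as well as for the method names.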

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev