On Fri, 23 Mar 2007 16:16:55 +0100 Andreas Jung <[EMAIL PROTECTED]> wrote:
> > > --On 23. März 2007 16:09:15 +0100 flem <[EMAIL PROTECTED]> wrote: > > >> > > I think this kind af date-deadlock is a vulnerability of the zope > > architecture. Is it the same thing with zope3? Isn't it an unnecessary > > vulnerability that an open zwiki comments field - or any other object > > making act open to the public where the anyone can set the date - can > > corrupt the time system irrepairbly. > > > > Shouldn't there be some solutions: > > > > 1. A script could reset all relevant dates and the timestamp i the zodb. > > > > 2. The zope code should be changed so that the timestamp depended > > directly on the pc-clock notwithstanding the dates of the objects thus > > allowing for going backward in time. > > > > I am not getting the point. What do you want to tell us? > That I think it is a vulnerability that a person can irrepairably corrupt zope's date system by sending one request with a wrong date (in my case using the default open comment opportunity in zwiki). Is this a vulnerability that also exists in zope3? Flemming _______________________________________________ Zope maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
