On Fri, 23 Mar 2007 16:16:55 +0100
Andreas Jung <[EMAIL PROTECTED]> wrote:

> 
> 
> --On 23. März 2007 16:09:15 +0100 flem <[EMAIL PROTECTED]> wrote:
> 
> >>
> > I think this kind af date-deadlock is a vulnerability of the zope
> > architecture. Is it the same thing with zope3? Isn't it an unnecessary
> > vulnerability that an open zwiki comments field - or any other object
> > making act open to the public where the anyone can set the date - can
> > corrupt the time system irrepairbly.
> >
> > Shouldn't there be some solutions:
> >
> > 1. A script could reset all relevant dates and the timestamp i the zodb.
> >
> > 2. The zope code should be changed so that the timestamp depended
> > directly on the pc-clock notwithstanding the dates of the objects thus
> > allowing for going backward in time.
> >
> 
> I am not getting the point. What do you want to tell us?
> 
That I think it is a vulnerability that a person can irrepairably corrupt 
zope's date system by sending one request with a wrong date (in my case using 
the default open comment opportunity in zwiki). 

Is this a vulnerability that also exists in zope3?

Flemming
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to