On Fri, 23 Mar 2007 16:16:55 +0100
Andreas Jung <[EMAIL PROTECTED]> wrote:
> --On 23. März 2007 16:09:15 +0100 flem <[EMAIL PROTECTED]> wrote:
> > I think this kind af date-deadlock is a vulnerability of the zope
> > architecture. Is it the same thing with zope3? Isn't it an unnecessary
> > vulnerability that an open zwiki comments field - or any other object
> > making act open to the public where the anyone can set the date - can
> > corrupt the time system irrepairbly.
> > Shouldn't there be some solutions:
> > 1. A script could reset all relevant dates and the timestamp i the zodb.
> > 2. The zope code should be changed so that the timestamp depended
> > directly on the pc-clock notwithstanding the dates of the objects thus
> > allowing for going backward in time.
> I am not getting the point. What do you want to tell us?
That I think it is a vulnerability that a person can irrepairably corrupt
zope's date system by sending one request with a wrong date (in my case using
the default open comment opportunity in zwiki).
Is this a vulnerability that also exists in zope3?
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -