Flemming Bjerke wrote:
On Fri, 23 Mar 2007 16:16:55 +0100
Andreas Jung <[EMAIL PROTECTED]> wrote:

--On 23 March 2007 16:09:15 +0100 flem <[EMAIL PROTECTED]> wrote:

I think this kind of date-deadlock is a vulnerability of the zope
architecture. Is it the same thing with zope3? Isn't it an unnecessary
vulnerability that an open zwiki comments field - or any other object
making act open to the public where anyone can set the date - can
corrupt the time system irreparably?

Shouldn't there be some solutions:

1. A script could reset all relevant dates and the timestamp in the zodb.

2. The zope code should be changed so that the timestamp depended
directly on the pc-clock notwithstanding the dates of the objects thus
allowing for going backward in time.

I am not getting the point. What do you want to tell us?

That I think it is a vulnerability that a person can irreparably corrupt zope's date system by sending one request with a wrong date (in my case using the default open comment opportunity in zwiki).

Well, but this one can't be true. ZODB time stamps are generated
in the ZODB layer and not taken from request. In fact, the concept
of a request is completely unknown to ZODB.
