-----BEGIN PGP SIGNED MESSAGE-----
On 24 Mar 2007, at 09:03, Flemming Bjerke wrote:
That I think it is a vulnerability that a person can irrepairably
corrupt zope's date system by sending one request with a wrong date
(in my case using the default open comment opportunity in zwiki).
There is no "vulnerability". I think you're confusing a few things.
All I read from your description is that you, as the admin, used Undo
and even mucked with your database while having set the server to a
different time. That's no vulnerability, that's the admin user
messing with the database.
Requests don't have anything to do with either the ZODB time stamp or
any application time stamp. You should take a look at the code and
gain some better understanding of how the Wiki code generates or uses
dates. Date stamps are generated by taking the time as set on the
host machine. They are not generated from requests sent to the server.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -