[Zope-dev] Import from upload?

Evan Simpson evan@digicool.com
Mon, 5 Jun 2000 12:05:38 -0400


----- Original Message -----
From: Toby Dickenson <mbel44@dial.pipex.net>

> I dont think that's going to fly. It's perfectly ok for a persistant
> object to contain something that shouldn't be creatable.

True enough.  Further thought has made me realize that a persistent object
could contain only valid instances and values, yet still subvert security
simply by playing with normally inaccessible instance attributes (eg. import
an acl_users containing a user with roles you don't possess).

Doing things right would involve inspecting each unpickled object minutely
to make sure it didn't have a bomb in its guts.

Security is hard :-/

Cheers,

Evan @ digicool & 4-am