[Zope] building a revisitable object list???
Tres Seaver
tseaver@palladion.com
Mon, 14 Feb 2000 15:21:58 -0600
Evan Simpson <evan@digicool.com> wrote:
> ----- Original Message -----
> From: Tres Seaver <tseaver@palladion.com>
> > That 'leaves.update(..}' is a really ugly workaround to the fact that
> > PythonMethods won't allow the "natural" dictionary manipulation: 'leaves[
> > leaf.id ] = leaf'. While I understand not wanting to allow key
> replacement in
> > "global" dictionaries, can we lose this restriction for "local" ones?
>
> Yes we can, provided you code carefully. See my PROPOSAL: in Zope-dev a few
> weeks ago.
>
> > (OTOH, we
> > need to look at potential security issues around the use of update(),
> too).
>
> Too true. Any exposed list or dict needs a sharp examination.
>
> Cheers,
>
> Evan @ digicool
Hmm, maybe we need to wrap any "global" dictionary / list in a "readonly
decorator", and let lists/dictionaries declared locally be the "normal" ones.
Actually, looking at the stock Python UserDict, we could just wrap any
dictionary exposed inside a PythonMethod (DTML, too?) in a UserDict: its
__init__() method already makes a (shallow) copy of the dictionary passed to
it. Any key assignments done would thus be localized (although mutable values
inside the source dictionary could still be munged).
Tres.
--
=========================================================
Tres Seaver tseaver@palladion.com 713-523-6582
Palladion Software http://www.palladion.com