[Zope] How can I reset zope time???
Flemming Bjerke
flem at bjerke.dk
Sat Mar 24 04:03:11 EDT 2007
On Fri, 23 Mar 2007 16:16:55 +0100
Andreas Jung <lists at zopyx.com> wrote:
>
>
> --On 23. März 2007 16:09:15 +0100 flem <flem at bjerke.dk> wrote:
>
> >>
> > I think this kind af date-deadlock is a vulnerability of the zope
> > architecture. Is it the same thing with zope3? Isn't it an unnecessary
> > vulnerability that an open zwiki comments field - or any other object
> > making act open to the public where the anyone can set the date - can
> > corrupt the time system irrepairbly.
> >
> > Shouldn't there be some solutions:
> >
> > 1. A script could reset all relevant dates and the timestamp i the zodb.
> >
> > 2. The zope code should be changed so that the timestamp depended
> > directly on the pc-clock notwithstanding the dates of the objects thus
> > allowing for going backward in time.
> >
>
> I am not getting the point. What do you want to tell us?
>
That I think it is a vulnerability that a person can irrepairably corrupt zope's date system by sending one request with a wrong date (in my case using the default open comment opportunity in zwiki).
Is this a vulnerability that also exists in zope3?
Flemming
More information about the Zope
mailing list