small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

Oliver Bleutgen myzope@gmx.net
Tue, 10 Jun 2003 14:34:36 +0200


Chris Withers wrote:
> Shane Hathaway wrote:
> 
>>
>> My opinion on this is a little different.  It's quite easy for anyone 
>> to make mischief on any Zope server that lets people make even minor 
>> changes to the site, such as giving feedback, posting a discussion 
>> item, etc.  

On the weekend I had the idea that it's even easier. See
http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/D1CAAEC689AB7BA9
how to do that on a Zope server.

>> All you have to do is include a Zope-Version cookie in the 
>> request and your changes will place a lock on any objects that the 
>> request touches.  Zope doesn't even check the validity of the 
>> Zope-Version cookie.  Anyone who is not a ZODB expert would have a 
>> hard time bringing the site back to sanity.
> 
> 
> This was my fear, and it's pretty shocking.
> 
> Maybe Oliver should do just such a thing on both collector.zope.org and 
> zope.org, or maybe cbsnewyork.com to prove a point and then this issue 
> will get the attention it deserves ;-)

Yeah, and I'm sure I'd get personal attention too, in a way I'd prefer 
not to get ;).

cheers,
oliver
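
One way to blunt the behaviour Shane describes is to drop the Zope-Version cookie from untrusted requests before they reach the application. This is an added example, not part of the original message or of Zope's code. The function names, the WSGI wrapper, and the sample headers are assumptions made for illustration.

```python
# Cookie name taken from the thread; compared case-insensitively as a
# conservative assumption about how a backend might look it up.
BLOCKED = "zope-version"

def _names(part):
    """Cookie names in one ';'-separated part, including any placed after
    a ',' (assumption: some older cookie parsers also split on commas)."""
    for seg in part.split(","):
        name = seg.split("=", 1)[0]
        yield name.strip().strip('"').lower()

def strip_version_cookie(header):
    """Return (cleaned_header, dropped_parts) for a raw Cookie header."""
    kept, dropped = [], []
    for part in (header or "").split(";"):
        part = part.strip()
        if not part:
            continue
        # Fail closed: drop the whole part if the blocked name appears in it.
        if BLOCKED in _names(part):
            dropped.append(part)
        else:
            kept.append(part)
    return "; ".join(kept), dropped

class StripVersionCookie:
    """Hypothetical WSGI wrapper that cleans HTTP_COOKIE for public traffic."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        cleaned, dropped = strip_version_cookie(environ.get("HTTP_COOKIE"))
        if dropped:
            environ["HTTP_COOKIE"] = cleaned
        return self.app(environ, start_response)

# Constructed sample headers, not taken from any real server.
SAMPLES = [
    "tree-s=abc; Zope-Version=/some/path",
    'session=1; zope-version="x"',
    "a=1, Zope-Version=v; b=2",
    "lang=en; theme=dark",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(raw), "->", strip_version_cookie(raw))
```

The `dropped` list is worth logging, since on a public site any request carrying this cookie is unexpected.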