[Zope-dev] ForbiddenAttribute: why subclass AttributeError?
Christian Zagrodnick
cz at gocept.com
Fri Oct 17 10:32:16 EDT 2008
On 2008-10-15 17:49:30 +0200, Christian Theune <ct at gocept.com> said:
>
> Why is a ForbiddenAttribute also an AttributeError? Is this intended to
> avoid 'information leaks'?
>
> We found a nasty side-effect together with getattr and annotations: a
> user that didn't have read-access to __annotations__ would end up trying
> to create the annotations container again and again because getattr(obj
> '__annotations__', None) would return None instead of propagating the
> ForbiddenAttribute exception.
On a proxied object you'd never get an AttributeError but only
ForbidenAttribute, wouldn't you? So I think an ForbiddenAttribute as
subclass of AttributeError is the right thing.
--
Christian Zagrodnick · cz at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development
More information about the Zope-Dev
mailing list