[Zope] Re: Error -> A TaintedString cannot be pickled

Jamie Heilman jamie@audible.transient.net
Thu, 17 Apr 2003 13:38:04 -0700


Dieter Maurer wrote:
> Jamie Heilman wrote at 2003-4-16 12:53 -0700:
>  > Personally I think REQUEST.get is a hallmark of horrible design anyway.
> Why do you think so?

It flattens namespaces that don't have the same characteristics.

This tends to catch programmers off guard and introduce bugs.  If you
have an 8k header limit defined in your HTTP server along with a 1M
POST limit and then you use REQUEST.get() to grab a cookie value
without taking into account that it could be 1M in length before you
go to process it, bad things can happen.  "This is one of the
instances where you should use the exact dictionary," you say.  Well
sure, but what do you do when you've got interfaces built around
REQUEST.get() magic that don't let you choose?  Case in point, a
RAMCache's aggregateIndex function blindly REQUEST.get()'s a list of
manager defined variables.  If you aren't careful this has some really
really shitty security implications.

It also changes the trust characteristics of the variables.  A
key-value pair provided by the server that the request has no innate
ability to change, normally trustworthy, is degraded by getting placed
into the grab order of REQUEST.get().  That alone isn't a bug, it
just places the onus on the programmer to have a complete
understanding of the implications of namespace flattening.  I think
it's fair to say this improves the odds of programmer error, and before
you disagree with me I'd like to point out that the HTTPRequest code
concedes, and unfortunately has made a half-assed attempt at
protecting the programmer from this invalid assumption; it strips all
the well known, traditionally CGI, variables right out of the form
namespace.  Personally, I call that a bug.  So did peterb when he
filed issue 546.

In short, if you want a function to do variable aggregation, that's OK,
but it's my belief that function shouldn't be sold to the masses as
the 99% solution to all their data gathering needs; it should be the
exception rather than the rule, it should offer a flexible way to
include, exclude, and re-order the lookup rules on the fly, and there
should be no default order--the order should be a mandatory argument,
thus forcing the programmer into thinking about which namespaces are
truly pertinent.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81.  People said, "No, Holly, she's 
 not for you." She was cheap, she was stupid and she wouldn't load 
 -- well, not for me, anyway."				-Holly
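
Added example, not part of the original message and not Zope code: a sketch of the aggregation function the message asks for, where the lookup order is a mandatory argument, shown beside a flattening lookup. The names Request, flattened_get and lookup, the built-in order used by flattened_get, and the sample values are all assumptions made for illustration.

```python
# Added illustration; Request, flattened_get and lookup are hypothetical names,
# not Zope APIs. Plain dicts stand in for the request's namespaces.

class Request:
    def __init__(self, environ=(), cookies=(), form=()):
        self.namespaces = {
            "environ": dict(environ),  # set by the server, not by the client
            "cookies": dict(cookies),  # client-supplied, bounded by header limit
            "form": dict(form),        # client-supplied, bounded by POST limit
        }

def flattened_get(request, key, default=None):
    """Flattened lookup with a built-in order (assumed order, for illustration)."""
    for name in ("form", "cookies", "environ"):
        if key in request.namespaces[name]:
            return request.namespaces[name][key]
    return default

def lookup(request, key, *, order, default=None, max_len=None):
    """Aggregating lookup: the caller must name the namespaces and their order."""
    if isinstance(order, str) or not order:
        raise ValueError("order must be a non-empty sequence of namespace names")
    for name in order:
        namespace = request.namespaces[name]  # KeyError on an unknown namespace
        if key in namespace:
            value = namespace[key]
            if max_len is not None and len(value) > max_len:
                raise ValueError(f"{name}[{key!r}] exceeds {max_len} characters")
            return value
    return default

# Constructed request: no "session" cookie, but a 1M "session" form field and a
# form field that shadows a server-set variable.
SAMPLE = Request(
    environ={"REMOTE_ADDR": "192.0.2.10"},
    form={"session": "A" * 1_000_000, "REMOTE_ADDR": "127.0.0.1"},
)

if __name__ == "__main__":
    print(len(flattened_get(SAMPLE, "session")))          # value came from the form
    print(lookup(SAMPLE, "session", order=("cookies",)))  # cookies only
    print(lookup(SAMPLE, "REMOTE_ADDR", order=("environ",)))
```

Because order is keyword-only with no default, calling lookup without it raises TypeError, so the choice of namespaces cannot be skipped.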