[Zope3-dev] Security: Do not compare symbolic constants with persistent data using "is"
Chris Withers
chrisw@nipltd.com
Sun, 17 Feb 2002 09:37:50 +0000
Casey Duncan wrote:
>
> That was a good catch. I think the original idea was
> that these constants might eventually be objects that
> also represent booleans or somesuch. Mostly they are
> there just as a way to not have to hard code strings
> or worse numbers for the three states everywhere.
>
> Anyhow, I think checking for equality is the way to
> go. To make this complete, a comment to this effect
> should be put in Settings.py, so that if we do make
> them into classes some day, we don't foobar it again.
>
> If nobody objects, I can make this change.
How about using symbolic constants and then using equality?
Numbers are probably gonna be quicker in execution than strings or other
objects.
So, in /somewhere/constants.py:

    SOMETHING = 1
    SOMETHING_ELSE = 2

then in /somewhereelse/code.py:

    if x == SOMETHING:
        do_something()
I didn't have any context before replying so I may be way off the mark, but this
is a pattern I think should be used more often in Zope, especially compared to
nasty hard coded strings all over the place...
cheers,
Chris
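
The failure discussed in this thread, as an added example that is not part of the original message or of Zope's code: a setting that has been saved and reloaded is a different object from the module-level constant, so an `is` check no longer matches it. The names `ALLOW`, `DENY`, `UNSET` and the helper functions are hypothetical, and `pickle` stands in for the persistence layer.

```python
import pickle

# Hypothetical three-state settings, standing in for the constants in Settings.py.
ALLOW, DENY, UNSET = "Allow", "Deny", "Unset"


def load_persisted(value):
    """Round-trip through pickle, as a persistent store does on save and load.

    In CPython the unpickled string is a new object with the same value.
    """
    return pickle.loads(pickle.dumps(value))


def decide_by_identity(stored):
    """Buggy: 'is' only matches the very same object as the module constant."""
    if stored is DENY:
        return "denied"
    if stored is ALLOW:
        return "allowed"
    return "unset"


def decide_by_equality(stored):
    """Correct: '==' compares values, so it survives a save/load cycle."""
    if stored == DENY:
        return "denied"
    if stored == ALLOW:
        return "allowed"
    return "unset"


if __name__ == "__main__":
    # Columns: setting, identity check in memory, identity check after
    # reload, equality check after reload.
    for setting in (ALLOW, DENY, UNSET):
        stored = load_persisted(setting)
        print(setting,
              decide_by_identity(setting),
              decide_by_identity(stored),
              decide_by_equality(stored))
```

CPython caches small integers such as 1 and 2, so `is` can appear to work with numeric constants; that is an implementation detail, and equality is the comparison that does not depend on it.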