[Zope3-dev] Nasty bugs

Wed, 20 Mar 2002 16:35:14 +0000

Shane Hathaway wrote:
>
> Right.  Attribute access has to be restricted based on the security 
> policy.  But once you have the value of an attribute and it's a number, 
> string, or None, there is no reason to wrap that value.  I don't think 
> we need a security policy so fine grained that it can decide what parts 
> of a string untrusted code is allowed to look at, or whether you're 
> allowed to determine the fractional component of a float. ;-)

So that should solve most of the "is" problem.

What does code typically compare by identity? Here's the ones I can 
think of:

  * Things the code has itself created

  * Classes / types

  * None

  * Small integers

  * The empty tuple

The only one of those that is mutable that we might need to worry about 
is "Classes / types".

--
Steve Alexander