[Zope3-dev] Nasty bugs
Steve Alexander
steve@cat-box.net
Wed, 20 Mar 2002 16:35:14 +0000
Shane Hathaway wrote:
>
> Right. Attribute access has to be restricted based on the security
> policy. But once you have the value of an attribute and it's a number,
> string, or None, there is no reason to wrap that value. I don't think
> we need a security policy so fine grained that it can decide what parts
> of a string untrusted code is allowed to look at, or whether you're
> allowed to determine the fractional component of a float. ;-)
So that should solve most of the "is" problem.
What does code typically compare by identity? Here are the ones I can
think of:
* Things the code has itself created
* Classes / types
* None
* Small integers
* The empty tuple
The only one of those that is mutable that we might need to worry about
is "Classes / types".
--
Steve Alexander
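
An added illustration of the point discussed in this thread, not part of the original message and not Zope's code: a toy security proxy showing that "is None" breaks when every attribute value is wrapped, works once basic immutable values are handed out unwrapped, and still fails for a class that stays wrapped. The names Proxy, wrap, Forbidden, Document and RAW_TYPES are hypothetical.

```python
# Added illustration; Proxy, wrap and Document are hypothetical names, not Zope's API.
RAW_TYPES = (int, float, str, type(None))  # assumed set of values handed out unwrapped


class Forbidden(Exception):
    """Raised when the policy denies an attribute read."""


class Proxy:
    """Toy security proxy: every attribute read is checked against an allow-list."""
    __slots__ = ("_obj", "_allowed", "_raw")

    def __init__(self, obj, allowed, raw):
        self._obj, self._allowed, self._raw = obj, frozenset(allowed), tuple(raw)

    def __getattr__(self, name):
        # Only reached for names that are not the proxy's own slots.
        if name not in self._allowed:
            raise Forbidden(name)
        return wrap(getattr(self._obj, name), self._allowed, self._raw)


def wrap(value, allowed, raw=RAW_TYPES):
    # Exact type match: a str subclass could carry extra attributes, so it stays wrapped.
    if type(value) in raw:
        return value
    return Proxy(value, allowed, raw)


class Document:  # constructed sample object
    title = "report"
    owner = None
    secret = "s3cret"

    def __init__(self):
        self.kind = Document


def identity_checks():
    allowed = {"title", "owner", "kind"}
    strict = wrap(Document(), allowed, raw=())   # wrap every value, even None
    relaxed = wrap(Document(), allowed)          # basic immutables pass through
    return {
        "strict_owner_is_none": strict.owner is None,
        "relaxed_owner_is_none": relaxed.owner is None,
        "relaxed_kind_is_class": relaxed.kind is Document,
    }


if __name__ == "__main__":
    print(identity_checks())
```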