[Zope3-dev] MessageID as rocks?
Shane Hathaway
shane@zope.com
Wed, 16 Apr 2003 13:29:08 -0400
Barry Warsaw wrote:
> On Wed, 2003-04-16 at 11:42, Shane Hathaway wrote:
>
>
>>My understanding is that untrusted code can get and set attributes of
>>rocks. I think that means untrusted code would be able to:
>>
>>- messageid.domain = '1 0WN3D JU'
>>- messageid.__class__.foo = lambda *args: '1 ST177 0WN JU'
>>
>>In Zope 3, untrusted code is not compiled in a special way as it is in
>>Zope 2. So Zope 3 requires wrappers for nearly everything.
>
>
> If that's the case, then we'll need to proxy MessageIDs and we'll need
> to add all the proxy-aware isinstance machinery, compatible with both
> Python 2.2 and 2.3.
>
> I'll add that if it doesn't exist already.
Another option is to come up with a base class that makes things like
MessageIDs safe to use as rocks. Python code could read and write
attributes of these objects until something calls the "petrify()" method.
That's more work than fixing isinstance(), though. :-)
Shane