[Zope3-dev] Security Proxies

Jim Fulton jim at zope.com
Tue Dec 23 17:05:53 EST 2003 

Roché Compaan wrote:
> * Jim Fulton <jim at zope.com> [2003-12-23 22:54]:
> 
>>Roché Compaan wrote:
>>
>>>I am busy moving a rather big app to Zope3 and my battle with security
>>>proxies is becoming a bit of show stopper. "setattr" on security proxies
>>>don't remove proxies around "value" which causes the ZODB to complain
>>>"Cannot pickle <type 'zope.security._proxy._Proxy'> objects". This
>>>occurs at a point when the security.checker's check_setattr has already
>>>passed without exceptions.
>>
>>Note that the setattr security check has nothing to do with the value.
>>The value of the attribute isn't taken into account.
>>
>>
>>>It is easily reproducable as well - just declare an interface with an
>>>"Object" schema field, with add- and editform and implement it.
>>
>>Right.  It have to remove proxies before saving a value.
>>
>>
>>>Now it doesn't seem right that schema fields should remove proxies
>>>before calling setattr since a security check is done during "setattr".
>>
>>No, It's fine to do that since the security check doesn't depend
>>on the value.
> 
> 
> Should all application code calling setattr then always remove proxies?

Yes. Note that most application code deals with simple values
(aka rocks) that don't get proxied.

> Wouldn't it be easier if the proxy takes care of it

No. For a number reasons:

- zope.proxy doesn't depend on serialization, so it shouldn't
   make any rash decisions about removing proxied.

- Most setattrs are done in content-object methods. The self
   passed to such methods is unproxied.

- Application code needs to be careful about removing security
   proxies.

 > ie. who's
> responsibility is it the proxy's or the code calling setattr?

The code calling setattr.

> 
>>>Hence my conclusion that this looks like a bug. If it is and I am not
>>>missing something obvious I'll file it in the collector.
>>
>>What is a bug? I'm can't tell what "this" is.
> 
> 
> That the proxy's setattr doesn't remove the value's proxy before
> persisting it.

Ok, that's not a bug. That is intentional.

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope3-dev mailing list