[Zope3-dev] Security Proxies
Jim Fulton
jim at zope.com
Tue Dec 23 17:05:53 EST 2003
Roché Compaan wrote:
> * Jim Fulton <jim at zope.com> [2003-12-23 22:54]:
>
>>Roché Compaan wrote:
>>
>>>I am busy moving a rather big app to Zope3 and my battle with security
>>>proxies is becoming a bit of show stopper. "setattr" on security proxies
>>>don't remove proxies around "value" which causes the ZODB to complain
>>>"Cannot pickle <type 'zope.security._proxy._Proxy'> objects". This
>>>occurs at a point when the security.checker's check_setattr has already
>>>passed without exceptions.
>>
>>Note that the setattr security check has nothing to do with the value.
>>The value of the attribute isn't taken into account.
>>
>>
>>>It is easily reproducible as well - just declare an interface with an
>>>"Object" schema field, with add- and editform and implement it.
>>
>>Right. It has to remove proxies before saving a value.
>>
>>
>>>Now it doesn't seem right that schema fields should remove proxies
>>>before calling setattr since a security check is done during "setattr".
>>
>>No, it's fine to do that since the security check doesn't depend
>>on the value.
>
>
> Should all application code calling setattr then always remove proxies?
Yes. Note that most application code deals with simple values
(aka rocks) that don't get proxied.
> Wouldn't it be easier if the proxy takes care of it
No. For a number of reasons:
- zope.proxy doesn't depend on serialization, so it shouldn't
make any rash decisions about removing proxies.
- Most setattrs are done in content-object methods. The self
passed to such methods is unproxied.
- Application code needs to be careful about removing security
proxies.
> i.e. whose
> responsibility is it the proxy's or the code calling setattr?
The code calling setattr.
>
>>>Hence my conclusion that this looks like a bug. If it is and I am not
>>>missing something obvious I'll file it in the collector.
>>
>>What is a bug? I can't tell what "this" is.
>
>
> That the proxy's setattr doesn't remove the value's proxy before
> persisting it.
Ok, that's not a bug. That is intentional.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
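Jim's answer above, that the caller strips the proxy because the setattr check looks only at the attribute name, as an added Python example that is not from the thread or from Zope itself. `SecurityProxy`, `new_person`, `check_setattr`, `set_field` and `can_persist` are constructed stand-ins that mimic the behaviour the thread describes (a proxy the pickler rejects, a name-only permission check); `removeSecurityProxy` is likewise a local stand-in named after the zope.security function.

```python
import pickle
from types import SimpleNamespace

# Constructed stand-in for the zope.security proxy: it forwards attribute reads
# but refuses to be pickled, like the ZODB error quoted in the thread.
class SecurityProxy:
    def __init__(self, obj):
        object.__setattr__(self, "_obj", obj)
    def __getattr__(self, name):
        return getattr(object.__getattribute__(self, "_obj"), name)
    def __reduce_ex__(self, protocol):
        raise TypeError("Cannot pickle SecurityProxy objects")

def removeSecurityProxy(value):
    """Constructed helper named after zope.security's: return the bare object."""
    return object.__getattribute__(value, "_obj") if isinstance(value, SecurityProxy) else value

def new_person():
    """Constructed stand-in for a persistent content object (all state is pickled)."""
    return SimpleNamespace(address=None)

SETTABLE = {"address"}  # constructed permission table: attribute names only

def check_setattr(obj, name):
    """The setattr check looks at the attribute name, never at the value."""
    if name not in SETTABLE:
        raise PermissionError(f"cannot set {name!r}")

def set_field(obj, name, value):
    """Schema-field style setattr: check, then strip the proxy before storing."""
    check_setattr(obj, name)
    setattr(obj, name, removeSecurityProxy(value))
    return obj

def can_persist(obj):
    """True if obj pickles, i.e. the ZODB could store it."""
    try:
        pickle.dumps(obj)
        return True
    except TypeError:
        return False

def demo():
    proxied = SecurityProxy({"city": "Cape Town"})  # constructed proxied value
    naive = new_person()
    check_setattr(naive, "address")
    naive.address = proxied  # check passed, but the proxied value poisons the pickle
    fixed = set_field(new_person(), "address", proxied)
    return can_persist(naive), can_persist(fixed), fixed.address["city"]
```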