[Zope3-dev] Security and __repr__
Stuart Bishop
stuart at stuartbishop.net
Sat Jul 24 18:01:05 EDT 2004
On 20/07/2004, at 7:22 PM, Jim Fulton wrote:
> Making __repr__ always available has two down sides:
>
> - it places a security requirement on class implementors that they
> never reveal any sensitive information in their __repr__
> implementations.
> This would be a pretty significant requirement that might be hard to
> make adequately well-known.
And impossible to enforce or control in legacy or non-Zope-aware code.
> - It makes it harder to see that a value is proxied. Most objects
> have boring reprs anyway. Providing a fallback repr that
> shows the class and that shows that something is proxied adds value.
>
> I'd like to go back to using a fallback repr if there isn't a
> security declaration for a repr.
>
> Thoughts?
Would the fallback __repr__ use a View, allowing us to plug in 'safe'
reprs without modifying existing source code?
--
Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
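
The fallback behaviour discussed in this thread, as an added example that is not code from the original message or from Zope. `Proxy`, `DECLARED`, the sample classes and the fallback string format are hypothetical stand-ins: the real repr is used only when `__repr__` has been declared for the class, so an undeclared legacy repr cannot leak through the proxy.

```python
class Proxy:
    """Hypothetical security proxy; `declared` maps a class to readable names."""
    __slots__ = ("_obj", "_declared")

    def __init__(self, obj, declared):
        self._obj = obj
        self._declared = declared

    def _permits(self, name):
        return name in self._declared.get(type(self._obj), frozenset())

    def __getattr__(self, name):
        # Only reached for names not found on the proxy itself.
        if not self._permits(name):
            raise PermissionError("access to %r is not declared" % name)
        return getattr(self._obj, name)

    def __repr__(self):
        if self._permits("__repr__"):
            return repr(self._obj)  # class author declared the repr safe
        # Fallback: reveal only the class and the fact that it is proxied.
        cls = type(self._obj)
        return "<security proxied %s.%s instance at 0x%x>" % (
            cls.__module__, cls.__qualname__, id(self._obj))


class Account:  # constructed legacy class whose repr exposes a secret
    def __init__(self, owner, api_key):
        self.owner, self.api_key = owner, api_key

    def __repr__(self):
        return "Account(owner=%r, api_key=%r)" % (self.owner, self.api_key)


class Point:  # constructed class with an explicitly declared, harmless repr
    def __init__(self, x, y):
        self.x, self.y = x, y

    def __repr__(self):
        return "Point(%r, %r)" % (self.x, self.y)


# Constructed declarations: Account never declares __repr__, Point does.
DECLARED = {Account: {"owner"}, Point: {"x", "y", "__repr__"}}
```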