Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Zope: Dev

ForbiddenAttribute: why subclass AttributeError?

  

 
Zope dev RSS feed   Index | Next | Previous | View Threaded


ct at gocept

Oct 15, 2008, 8:49 AM

Post #1 of 2 (515 views)
Permalink
ForbiddenAttribute: why subclass AttributeError?
Hi,

Why is a ForbiddenAttribute also an AttributeError? Is this intended to
avoid 'information leaks'?

We found a nasty side-effect together with getattr and annotations: a
user that didn't have read-access to __annotations__ would end up trying
to create the annotations container again and again because getattr(obj
'__annotations__', None) would return None instead of propagating the
ForbiddenAttribute exception.

Christian and Wolfgang

--
Christian Theune · ct [at] gocept
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1
Zope and Plone consulting and development
Attachments: signature.asc (0.19 KB)


cz at gocept

Oct 17, 2008, 7:32 AM

Post #2 of 2 (467 views)
Permalink
Re: ForbiddenAttribute: why subclass AttributeError? [In reply to]
On 2008-10-15 17:49:30 +0200, Christian Theune <ct [at] gocept> said:

>
> Why is a ForbiddenAttribute also an AttributeError? Is this intended to
> avoid 'information leaks'?
>
> We found a nasty side-effect together with getattr and annotations: a
> user that didn't have read-access to __annotations__ would end up trying
> to create the annotations container again and again because getattr(obj
> '__annotations__', None) would return None instead of propagating the
> ForbiddenAttribute exception.

On a proxied object you'd never get an AttributeError but only
ForbidenAttribute, wouldn't you? So I think an ForbiddenAttribute as
subclass of AttributeError is the right thing.


--
Christian Zagrodnick · cz [at] gocept
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development


_______________________________________________
Zope-Dev maillist - Zope-Dev [at] zope
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Zope dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.