[Twisted-Python] pb.Copyable, round trip objects, and untrusted clients

Glyph Lefkowitz glyph at divmod.com
Thu May 20 13:16:05 EDT 2004


On Thu, 2004-05-20 at 12:56, David Ripton wrote:

> Unsafe because you can easily forget to do it in a spot (agreed --
> unless you build it into the framework), or unsafe because the client 
> can exploit its copy of the Copyable server object in other ways?

I meant that you can easily forget to do it.  Even if you build it into
the framework, you have to categorize all possible changes you want to
be able to rewind if you want to reverse them.  You can make it very
_easy_ to categorize them, but you still can't avoid uploading
potentially harmful object structures in the update of the data.  By
just not allowing changes in the first place, you don't have to worry
about that.
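
The trade-off described above, as an added example that is not part of the original message and does not use Twisted's own API. It is plain Python, and every name in it (`Player`, `apply_round_trip`, `PlayerCommands`, `dispatch`) is hypothetical; only the `remote_` prefix mirrors the PB naming convention.

```python
# Added illustration in plain Python (not Twisted code); all names are hypothetical.

class Player:
    """Authoritative server-side object (constructed sample)."""

    def __init__(self, name, gold):
        self.name = name
        self.gold = gold
        self.is_admin = False

    def snapshot(self):
        # One-way copy handed to the client, like a Copyable's state.
        return {"name": self.name, "gold": self.gold}


def apply_round_trip(player, uploaded):
    """Round-trip design: take the client's edited copy back as new state.

    Each field must be categorized here. 'gold' was remembered,
    'is_admin' was forgotten, so it is accepted silently.
    """
    for key, value in uploaded.items():
        if key == "gold":
            continue  # guarded field
        setattr(player, key, value)  # anything else goes through


class PlayerCommands:
    """No-changes design: clients call named operations, never upload state."""

    def __init__(self, player):
        self._player = player

    def remote_rename(self, new_name):
        if not isinstance(new_name, str) or not 1 <= len(new_name) <= 16:
            raise ValueError("invalid name")
        self._player.name = new_name
        return self._player.snapshot()


def dispatch(commands, method, *args):
    """Look up only remote_-prefixed methods, as PB does for Referenceable."""
    handler = getattr(commands, "remote_" + method, None)
    if not callable(handler):
        raise AttributeError("no such remote method: %r" % (method,))
    return handler(*args)
```

In the second design there is no uploaded structure to vet, so a forgotten field cannot be overwritten; the only inputs are the arguments of the methods the server chose to expose.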




