[Twisted-web] Nevow Athena LiveFragment without allowedMethods

Jean-Paul Calderone exarkun at divmod.com
Wed Nov 30 17:13:14 MST 2005


On Wed, 30 Nov 2005 22:44:03 +0100, Paul Reznicek <maillists at ivsn.com> wrote:
>Hi JP & co.,
>
>I've just started playing with current ATHENA - very nice !!!

Hi Paul, thanks :)

>
>Is there any deeper security reason to use the "allowedMethods" mapping 
>additionally
>to the simple fact, that a fragment implements a method only if it is 
>necessary?

I'm wary of making it possible to accidentally expose a method to the client.  Without allowMethods, it seems to be a quite simple to accidentally expose things.  For example, with your patch, the following methods can be invoked by the client on any LiveFragment:

  get
  rend
  remember
  rememberStuff
  child
  renderer
  render_sequence
  render_mapping
  render_string
  render_xml
  render_data
  macro
  getBindingNames
  getBinding
  getDefault
  postForm

In that list, only postForm looks particularly scary, and many of these take objects which cannot currently be passed to methods by the client (ie, the context), but it is still quite a long list, and making it possible for the client to call these methods seems unnecessarily risky to me.

If it seems okay to you, you can always create a LiveFragment subclass in your project with the locateMethod implementation included in your patch and always subclass that instead of LiveFragment.

With the above list of methods in mind, does it make more sense why allowedMethods is present?

Jean-Paul



More information about the Twisted-web mailing list