Guido van Rossum wrote: >>If you only want to secure a few objects, then mxProxy can >>help you with this: it allows access management at C level >>on a per-method basis and also via callbacks... >> >> http://www.egenix.com/files/python/mxProxy.html > > > Zope3 has a similar proxy feature. But I think that the safety of > proxies still relies on there not being backdoors, and the new-style > class code has added too many of those. mxProxy stores a reference to the object in a C Proxy object and then manages access to this object through the Proxy methods and attributes. Provided that no other reference to the wrapped Python object exist in the interpreter, the only way to get at the object is via hacking the C code, ie. by using a special extension which knows how to extract the C pointer to the object from the Proxy object. Now, the Proxy object knows that e.g. bound methods of the object contain a reference to the object itself and rewraps the method in a way which hides the pointer to self. I don't know whether the new class code has added more backdoors of this kind. If so, I'd appreciate some details or references, so that I can add support for these to mxProxy as well. > More on this thread later, when I have more bandwidth to deal with it. Ok. -- Marc-Andre Lemburg CEO eGenix.com Software GmbH _______________________________________________________________________ eGenix.com -- Makers of the Python mx Extensions: mxDateTime,mxODBC,... Python Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4