launchpad-dev team mailing list archive

Thread
Date

using PermissiveSecurityPolicy when serving private xmlrpc requests

To: Launchpad Community Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: Michael Hudson <michael.hudson@xxxxxxxxxxxxx>
Date: Tue, 23 Feb 2010 17:56:47 +1300
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Hi there.

Today's hacking has involved working on methods implemented by the
private xml-rpc server.  If you've done this before, you'll know that it
can be a bit annoying as calls to this server are not authenticated, so
you end up having to weaken the security declarations a whole lot or use
removeSecurityProxy liberally, neither of which feels very nice (I have
complained about this before, I think).

Really, given the role the internal xml-rpc has in our system, the
PermissiveSecurityPolicy (as used by 'zopeless' scripts) is much more
appropriate for these requests.  Is this easy to achieve?  I stared into
the zope vortex for a bit, and it seems like it's almost but not quite
easy: basically, we'd want to be able to influence the class of the
interaction the call to newInteraction in
canonical.launchpad.webapp.publication.LaunchpadBrowserPublication.beforeTraversal
instantiates and that would be that -- but newInteraction always reads a
global variable to figure out which class to instantiate.  So a
copy-paste-hack of newInteraction would probably be required.

Does anyone have any thoughts on the matter?

Cheers,
mwh

Follow ups

Re: using PermissiveSecurityPolicy when serving private xmlrpc requests
From: Bjorn Tillenius, 2010-02-23