[Twisted-web] Nevow Athena LiveFragment without allowedMethods
Jean-Paul Calderone
exarkun at divmod.com
Wed Nov 30 17:13:14 MST 2005
On Wed, 30 Nov 2005 22:44:03 +0100, Paul Reznicek <maillists at ivsn.com> wrote:
>Hi JP & co.,
>
>I've just started playing with current ATHENA - very nice !!!
Hi Paul, thanks :)
>
>Is there any deeper security reason to use the "allowedMethods" mapping
>additionally
>to the simple fact, that a fragment implements a method only if it is
>necessary?
I'm wary of making it possible to accidentally expose a method to the client. Without allowMethods, it seems to be a quite simple to accidentally expose things. For example, with your patch, the following methods can be invoked by the client on any LiveFragment:
get
rend
remember
rememberStuff
child
renderer
render_sequence
render_mapping
render_string
render_xml
render_data
macro
getBindingNames
getBinding
getDefault
postForm
In that list, only postForm looks particularly scary, and many of these take objects which cannot currently be passed to methods by the client (ie, the context), but it is still quite a long list, and making it possible for the client to call these methods seems unnecessarily risky to me.
If it seems okay to you, you can always create a LiveFragment subclass in your project with the locateMethod implementation included in your patch and always subclass that instead of LiveFragment.
With the above list of methods in mind, does it make more sense why allowedMethods is present?
Jean-Paul
More information about the Twisted-web
mailing list