[Python-Dev] Re: Whither rexec?
M.-A. Lemburg
mal@lemburg.com
Thu, 09 Jan 2003 11:42:46 +0100
Guido van Rossum wrote:
>>If you only want to secure a few objects, then mxProxy can
>>help you with this: it allows access management at C level
>>on a per-method basis and also via callbacks...
>>
>> http://www.egenix.com/files/python/mxProxy.html
>
>
> Zope3 has a similar proxy feature. But I think that the safety of
> proxies still relies on there not being backdoors, and the new-style
> class code has added too many of those.
mxProxy stores a reference to the object in a C Proxy object
and then manages access to this object through the Proxy methods
and attributes. Provided that no other reference to the wrapped
Python object exist in the interpreter, the only way to get at
the object is via hacking the C code, ie. by using a special
extension which knows how to extract the C pointer to the object
from the Proxy object.
Now, the Proxy object knows that e.g. bound methods of the
object contain a reference to the object itself and rewraps the
method in a way which hides the pointer to self. I don't
know whether the new class code has added more backdoors of this
kind. If so, I'd appreciate some details or references, so that
I can add support for these to mxProxy as well.
> More on this thread later, when I have more bandwidth to deal with it.
Ok.
--
Marc-Andre Lemburg
CEO eGenix.com Software GmbH
_______________________________________________________________________
eGenix.com -- Makers of the Python mx Extensions: mxDateTime,mxODBC,...
Python Consulting: http://www.egenix.com/
Python Software: http://www.egenix.com/files/python/