On Sun, 18 Mar 2001, Dan L. Pierson wrote:
> representation of Chris' proposal.  FSDump has no read capability.  At 
> IPC9, someone
> from DC told me that Tres was worried that read capability would be a giant 
> security
> hole.  I can't remember if that someone was Tres or not.  IMHO, the 
> solution to this
> probably involves forcing read to be invoked only from outside of Zope (or 
> maybe only from a local machine login?).  I'm not sure how this would be 
> done.

Presumably the issue here is the one that results in 'import' only
working on files stored in the host file system (ie: you have enough
authority to have file system privs in the zope directory to import
zexp pickles or XML pickles).

A file-system-serialized represenatation has the additional advantage
over XML pickles that it can be re-parsed and have the security
rules applied on read.  This however means that XML as the default
for objects that don't explicitly implement the file-system-serialize
API is probably not secure.

For CVS, XML default would be good.  For round trip editing using
"standard tools", XML default would not be good.  So I think XML
should be the default for write, but there should be no default for


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to