On Sun, 18 Mar 2001, Dan L. Pierson wrote:
representation of Chris' proposal. FSDump has no read capability. At IPC9, someone from DC told me that Tres was worried that read capability would be a giant security hole. I can't remember if that someone was Tres or not. IMHO, the solution to this probably involves forcing read to be invoked only from outside of Zope (or maybe only from a local machine login?). I'm not sure how this would be done.
Presumably the issue here is the one that results in 'import' only working on files stored in the host file system (i.e., you have enough authority to have file system privs in the zope directory to import zexp pickles or XML pickles). A file-system-serialized representation has the additional advantage over XML pickles that it can be re-parsed and have the security rules applied on read. This however means that XML as the default for objects that don't explicitly implement the file-system-serialize API is probably not secure. For CVS, XML default would be good. For round trip editing using "standard tools", XML default would not be good. So I think XML should be the default for write, but there should be no default for read.

--RDM
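The "no default for read" rule from the message above, as an added sketch that is not part of the original thread and is not Zope or FSDump code: a type can be read back only if it registers an explicit reader, and that reader applies permission checks to parsed plain text. The file format, function names, permission strings and sample inputs are all constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not a Zope or FSDump API.

class ReadRefused(Exception):
    """Raised when a serialized object must not be loaded."""

def parse_properties(text):
    """Parse 'key: value' lines into plain strings; nothing is executed or instantiated."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        key, sep, value = stripped.partition(":")
        if not sep:
            raise ReadRefused(f"malformed line: {line!r}")
        props[key.strip()] = value.strip()
    return props

def read_dtml_method(props, user_permissions):
    """Reader for one type: the same checks a through-the-web edit would face."""
    if "Add DTML Methods" not in user_permissions:
        raise ReadRefused("user may not add this type")
    if "proxy_roles" in props and "Change proxy roles" not in user_permissions:
        raise ReadRefused("user may not set proxy roles")
    return {"type": "DTML Method", "title": props.get("title", ""),
            "proxy_roles": props.get("proxy_roles", "")}

# Only types with an explicit reader can be read back; there is no fallback.
READERS = {"DTML Method": read_dtml_method}

def read_object(text, user_permissions):
    """Parse first, then dispatch to a registered reader or refuse."""
    props = parse_properties(text)
    reader = READERS.get(props.get("meta_type"))
    if reader is None:
        raise ReadRefused(f"no reader registered for {props.get('meta_type')!r}")
    return reader(props, user_permissions)

# Constructed sample inputs.
SAMPLE_OK = "meta_type: DTML Method\ntitle: index\nproxy_roles: Manager\n"
SAMPLE_UNKNOWN = "meta_type: Some Product\ntitle: x\n"

def refused(text, perms):
    """Return True when the read is rejected, False when it succeeds."""
    try:
        read_object(text, perms)
        return False
    except ReadRefused:
        return True
```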