On Thu, 25 May 2000 11:19:30 -0400, "Evan Simpson" <evan@digicool.com> wrote:
Yesterday, Jim actually came up with the hint of the start of how web import could be made secure. It should be possibly to write an unpickler which consults the security machinery and ensures that the pickle doesn't instantiate anything that the user doesn't have permission to make. It may be quite a while before someone actually writes this, unless one of you folks wants to give it a shot ;-)
I dont think that's going to fly. It's perfectly ok for a persistant object to contain something that shouldn't be creatable. For example, suppose I create my own DateTime class, which appears as an attribute of a well behaved product class. I use ZCatalog to index these attributes, then export the ZCatalog. Who can tell whether MyDateTime is safe? Toby Dickenson tdickenson@geminidataloggers.com