Ivo van der Wijk wrote:
I tried to ask this on the standard Zope list, but no one seemed to know anything about it. Perhaps you do?
We provide Zope hosting, both folder-based (where people have access to their own folder, mapped to a domain, and no access to the Zope server / source / var / import / lib directories) and pure Zope hosting (i.e. an entire Zope server of their own for this customer).
In the folder case, one of our customers wishes to upload his locally developed site as .zexp to our Zope server and import it there.
Can this be done safely? I.e. without compromising the other customers' security?
No. It's not just difficult, but with zexp it's not possible.
From some discussions that were had on #zope, I understand that especially proxy roles may be a problem, which may be fixed by requiring the user to take ownership.
Would this fix all security issues? Or are there any other unforeseen problems?
Would anyone know another solution to achieve the same functionality? (FTP won't work, as you can't, for example, upload user folders.)
Would it be possible to perform a scan of an XML export for unwanted proxy roles and other security issues?
There are infinite ways to plant a security hole in a .zexp. What you're really looking for is a different kind of import/export format. This is actually a great opportunity for a new product: something that can import and export only specific kinds of objects and can strip security-related attributes. It could be web-enabled rather than requiring filesystem access. I guess the question is then "how badly do you want it"? :-)
Shane
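As an added illustration of the allowlist-and-strip import Shane describes (example code written for this page, not something from the thread or from Zope itself): a Python filter over a constructed Zope-style XML export that refuses every object class not on an allowlist and removes the attributes that carry proxy roles, ownership, local roles and permission settings. The element layout (`<record>`, `<pickle>`, `<global>`, `<dictionary>`/`<item>`) and the attribute names `_proxy_roles`, `_owner`, `__ac_local_roles__`, `__ac_roles__` and `*_Permission` are assumed to follow Zope's XML pickle export format; the sample document is constructed, not a real customer upload.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed Zope XML pickle layout: the first <pickle> of each <record> names the class, the second holds its state.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<ZopeData>
  <record id="1" aka="AAAAAAAAAAE=">
    <pickle><global name="Folder" module="OFS.Folder"/></pickle>
    <pickle><dictionary>
      <item><key><string>__ac_local_roles__</string></key><value><dictionary><item><key><string>someuser</string></key><value><list><string>Manager</string></list></value></item></dictionary></value></item>
      <item><key><string>_View_Permission</string></key><value><tuple><string>Anonymous</string></tuple></value></item>
    </dictionary></pickle>
  </record>
  <record id="2" aka="AAAAAAAAAAI=">
    <pickle><global name="DTMLMethod" module="OFS.DTMLMethod"/></pickle>
    <pickle><dictionary>
      <item><key><string>_proxy_roles</string></key><value><tuple><string>Manager</string></tuple></value></item>
      <item><key><string>raw</string></key><value><string>hello</string></value></item>
    </dictionary></pickle>
  </record>
  <record id="3" aka="AAAAAAAAAAM=">
    <pickle><global name="ExternalMethod" module="Products.ExternalMethod.ExternalMethod"/></pickle>
    <pickle><dictionary/></pickle>
  </record>
</ZopeData>"""

# Object classes a folder-hosting customer may import; anything else is refused outright.
ALLOWED_CLASSES = {("OFS.Folder", "Folder"), ("OFS.DTMLMethod", "DTMLMethod"), ("OFS.Image", "File")}
# Attributes carrying proxy roles, ownership, local roles or permission settings (assumed Zope names).
SECURITY_ATTRS = {"_proxy_roles", "_owner", "__ac_local_roles__", "__ac_roles__"}

def is_security_attr(name):
    return name in SECURITY_ATTRS or name.endswith("_Permission")

def filter_export(xml_text):
    root = ET.fromstring(xml_text)
    stripped, rejected = [], []  # (record id, attr) pairs removed; (record id, class) pairs refused
    for rec in root.findall("record"):  # findall returns a list, so removing during the loop is safe
        glob = rec.find("pickle/global")
        cls = (glob.get("module"), glob.get("name")) if glob is not None else None
        state = rec.find("pickle/dictionary")
        if cls not in ALLOWED_CLASSES or state is None:  # unknown class or unexpected state: drop the object
            rejected.append((rec.get("id"), cls))
            root.remove(rec)
            continue
        for item in state.findall("item"):
            key = item.find("key/string")
            if key is not None and is_security_attr(key.text):
                stripped.append((rec.get("id"), key.text))
                state.remove(item)
    return ET.tostring(root, encoding="unicode"), stripped, rejected
```

Running `filter_export(SAMPLE_EXPORT)` drops the ExternalMethod record entirely and strips the local roles, permission setting and proxy roles from the two allowed objects, leaving only their ordinary content for import.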