Hi, I have just come acroos this idea of having zope accept the import file from an upload form instead of having it from the server directory. In web hosting environment like imeme.net, It is painful and unsecure for all to share the import directory for updating. Rgs, Kent Sin --------------------------------- kentsin.weblogs.com kentsin.imeme.net
Sin Hang Kin wrote:
In web hosting environment like imeme.net, It is painful and unsecure for all to share the import directory for updating.
And it's insecure for the service providor to allow importign over the web :( Chris
----- Original Message ----- From: Chris Withers <chrisw@nipltd.com>
Sin Hang Kin wrote:
In web hosting environment like imeme.net, It is painful and unsecure for all to share the import directory for updating.
And it's insecure for the service providor to allow importign over the web :(
Yesterday, Jim actually came up with the hint of the start of how web import could be made secure. It should be possibly to write an unpickler which consults the security machinery and ensures that the pickle doesn't instantiate anything that the user doesn't have permission to make. It may be quite a while before someone actually writes this, unless one of you folks wants to give it a shot ;-) Cheers, Evan @ digicool & 4-am
On Thu, 25 May 2000 11:19:30 -0400, "Evan Simpson" <evan@digicool.com> wrote:
Yesterday, Jim actually came up with the hint of the start of how web import could be made secure. It should be possibly to write an unpickler which consults the security machinery and ensures that the pickle doesn't instantiate anything that the user doesn't have permission to make. It may be quite a while before someone actually writes this, unless one of you folks wants to give it a shot ;-)
I dont think that's going to fly. It's perfectly ok for a persistant object to contain something that shouldn't be creatable. For example, suppose I create my own DateTime class, which appears as an attribute of a well behaved product class. I use ZCatalog to index these attributes, then export the ZCatalog. Who can tell whether MyDateTime is safe? Toby Dickenson tdickenson@geminidataloggers.com
----- Original Message ----- From: Toby Dickenson <mbel44@dial.pipex.net>
I dont think that's going to fly. It's perfectly ok for a persistant object to contain something that shouldn't be creatable.
True enough. Further thought has made me realize that a persistent object could contain only valid instances and values, yet still subvert security simply by playing with normally inaccessible instance attributes (eg. import an acl_users containing a user with roles you don't possess). Doing things right would involve inspecting each unpickled object minutely to make sure it didn't have a bomb in its guts. Security is hard :-/ Cheers, Evan @ digicool & 4-am
At 12:05 PM 6/5/00 -0400, Evan Simpson wrote:
Security is hard :-/
No kidding. And just think, all the hard stuff that's been done to avoid trojans in a portal-ish site can be defeated simply by a user making a page that looks like the portal's login screen and asking the user to "verify" their password before accessing the "secure content" at that location...
participants (5)
-
Chris Withers -
Evan Simpson -
Phillip J. Eby -
Sin Hang Kin -
Toby Dickenson