[Keeping zope@zope.org in the loop for the archive] On Fri, May 26, 2000 at 02:05:42PM +0100, Steve Alexander wrote:
Martijn Pieters wrote:
On Fri, May 26, 2000 at 11:05:23AM +0100, Steve Alexander wrote:
Here's a very silly idea:
Could you pickle and Base64 encode the data you want to pass, and then shove it in a single hidden control?
I am afraid that is a very silly security hole. Anyone can replace that pickle with any other pickle, which the server will then instanciate. Anything goes.
I *knew* there was some reason it was silly as I was typing it :-)
Shame there's no "safe pickle option" that allows only numbers, strings, lists, tuples and dictionaries.
There is actually. It's called marshal: http://www.python.org/doc/current/lib/module-marshal.html which supports just that list of types, plus code objects. -- Martijn Pieters | Software Engineer mailto:mj@digicool.com | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ | The Open Source Web Application Server ---------------------------------------------