20 Nov
2003
20 Nov
'03
9:21 p.m.
On Thu, Nov 20, 2003 at 07:14:18PM +0100, Dieter Maurer wrote:
I made a ZSyncer variant that uses ZPublisher.Client as RPC protocol and Python's "pickle" to marshal data. This gets rid of XML-RPC. If anyone is interested, let me know...
Watch out with pickles; if I can upload an arbitrary pickle to your machine I can get full control of your Zope process, as pickles would allow me to construct arbitrary instances of python objects. -- Martijn Pieters | Software Engineer mailto:mj@zope.com | Zope Corporation http://www.zope.com/ | Creators of Zope http://www.zope.org/ ---------------------------------------------