I need you folks to help us figure out how to add a sweet little feature: import from the web. Scenario: you work from home on a bunch of information in a Zope folder, like documents, images, Z Tables, etc. You get into work and want to blast it onto your remote Zope-based website. With Zope 1.10.2, you now have an interface to do this: you first export your folder on your laptop, move the export file to the filesystem of your webserver, and import the folder on the webserver. There are certainly some scripting things you could do in Python to make this a bit more seamless. But wouldn't it be nice if you could tell the two Zopes to swap information directly? To date we haven't done this for security reasons. Since export files are series of records containing pickles, the unpickler could be tricked into doing something unpleasant. While this could still happen under the current scheme, at least you know the person was trusted enough to log into the OS and be allowed to write to the directory. Thus, the current import/export scheme isn't about preventing damage, it (like External Methods) is about proving someone is trustworthy. Let's say we leave off the table right now consideration of making the import more immune to hijinx. Let's also leave off the table related issues (like synchronization or replication conflicts). Let's just ask the question: "Can we make import-from-the-network have as acceptible a level of trust as the filesystem?" Here are some brainstorm ideas: 1) Make the import a pull rather than a push. Instead of pushing the data from your computer into a remote Zope, you go to the remote Zope and put in the URL to your local Zope. 2) Turn import from the web off by default but have a knob to turn it on. 3) Reading directly from a Zope as it outputs an export means you're less likely to get a hacked pickle. 4) Have a shared key system, then rotor the export file (this is what we do on the unreleased Zope Network Client software). That is, wrap the data in an envelope. Of course there is still the ultimate question: is this a compelling feature? --Paul Paul Everitt Digital Creations paul@digicool.com 540.371.6909