11 Sep
2000
11 Sep
'00
10:25 a.m.
Martijn Pieters wrote:
No it isn't. Web access to class instances is handled by permissions. Unpickling will cause class instantiation in the python process, where you have no control over what get's created.
Surely you could pipe this process through the Zope security process?
You can create a custom unpickling class, but one that would handle the Zope range of objects would be, in Jim's words "tricky".
...then again, maybe not :-( *sigh* Chris :-)