Hi all, I'm hoping this is the last mystery before I release ... :-D For good or ill, I used a variation of the MiniPickle module (see the example on zope.org) to pack python data structures into a cookie. (I had to add an extra hex-encoding part to make legal cookies). I needed an external python method to do this in the prototype, and I thought it'd be trivial to just attach these as regular python methods in the product. However, when I try to call my "mini_dumps" method, I get a complaint about not being able to pickle an object in an "acquisition wrapper." A little searching on zope.org suggests this is referring to the internal mechanism that Zope uses to provide acquisition services. But why wouldn't the external method complain about it? And how can I unwrap this object? (I guess this means getting a direct reference to the object instead of an indirect one, though I'm still foggy on how acquisition works -- it seems pretty magical still). Thanks, Terry -- ------------------------------------------------------ Terry Hancock hancock@anansispaceworks.com Anansi Spaceworks http://www.anansispaceworks.com P.O. Box 60583 Pasadena, CA 91116-6583 ------------------------------------------------------
from Acquisition import aq_base unwrapped_obj = aq_base( wrapped_obj ) i think you can do that in python scripts, too, but i am not sure. i only ever used this in python product code or external methods. jens On Wednesday, July 3, 2002, at 05:54 , Terry Hancock wrote:
Hi all,
I'm hoping this is the last mystery before I release ... :-D
For good or ill, I used a variation of the MiniPickle module (see the example on zope.org) to pack python data structures into a cookie. (I had to add an extra hex-encoding part to make legal cookies).
I needed an external python method to do this in the prototype, and I thought it'd be trivial to just attach these as regular python methods in the product.
However, when I try to call my "mini_dumps" method, I get a complaint about not being able to pickle an object in an "acquisition wrapper." A little searching on zope.org suggests this is referring to the internal mechanism that Zope uses to provide acquisition services.
But why wouldn't the external method complain about it? And how can I unwrap this object? (I guess this means getting a direct reference to the object instead of an indirect one, though I'm still foggy on how acquisition works -- it seems pretty magical still).
Thanks, Terry
FWIW, allowing Zope to unpickle data that it receives remotely is a pretty big security risk. It sounds like you probably know this and it's "OK" in your case, but just wanted to send a message to make sure..
On Wednesday, July 3, 2002, at 05:54 , Terry Hancock wrote:
Hi all,
I'm hoping this is the last mystery before I release ... :-D
For good or ill, I used a variation of the MiniPickle module (see the example on zope.org) to pack python data structures into a cookie. (I had to add an extra hex-encoding part to make legal cookies).
I needed an external python method to do this in the prototype, and I thought it'd be trivial to just attach these as regular python methods in the product.
However, when I try to call my "mini_dumps" method, I get a complaint about not being able to pickle an object in an "acquisition wrapper." A little searching on zope.org suggests this is referring to the internal mechanism that Zope uses to provide acquisition services.
But why wouldn't the external method complain about it? And how can I unwrap this object? (I guess this means getting a direct reference to the object instead of an indirect one, though I'm still foggy on how acquisition works -- it seems pretty magical still).
Thanks, Terry
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com "Killing hundreds of birds with thousands of stones"
Thank you Jens Vagelpohl for the example on unwrapping the object -- yes this is from product code, not a script. I thought it was weird that there was a difference between an external method and a product method -- perhaps the external method has this unwrapping done for it? Chris McDonough wrote:
FWIW, allowing Zope to unpickle data that it receives remotely is a pretty big security risk. It sounds like you probably know this and it's "OK" in your case, but just wanted to send a message to make sure..
On Wednesday, July 3, 2002, at 05:54 , Terry Hancock wrote:
For good or ill, I used a variation of the MiniPickle module (see the example on zope.org) to pack python data structures into a cookie. (I had to add an extra hex-encoding part to make legal cookies).
Yes, I know it can be. Supposedly MiniPickle restricts itself to "safe" data structures, and won't unpack code objects (or any user-defined objects). It's just a way to avoid parsing a dictionary. It's actually pretty similar to Zope's tree state cookie in function, or like a bookmark. Since I'm using Zope 2.5.1, the possibility exists of moving to Sessions instead of cookies -- but I'm not sure what the consequences of that are (it would seem that at least my server would have to maintain a data structure for every logged-in user, which doesn't *seem* too efficient to me, but I haven't analyzed the problem yet). Anyway it's only about 100-500 bytes of data, so I don't want to spend a lot of effort on it. I consider "fixing" it a second-order problem, the important thing currently is that it works somehow. Cheers, Terry -- ------------------------------------------------------ Terry Hancock hancock@anansispaceworks.com Anansi Spaceworks http://www.anansispaceworks.com P.O. Box 60583 Pasadena, CA 91116-6583 ------------------------------------------------------
participants (3)
-
Chris McDonough -
Jens Vagelpohl -
Terry Hancock