-----Original Message----- From: Hung Jung Lu [mailto:hungjunglu@hotmail.com]
Perhaps your problem is that you are not reading/writing your pickled file by using the binary tag as in 'rb' or 'wb'.
myFile = open('myFileName', 'rb')
myPickledString = myFile.read()
myFile.close()
....
myFile = open('myFileName', 'wb')
myPickledString = urllib.unquote_plus(REQUEST.cookies['myCookieName'])
myFile.write(myPickledString)
myFile.close()

Erm... you guys realizing that you are opening a gaping security hole here? A malicious someone can construct any pickle they like and send it to your server. In theory you could send the pickle of a Medusa monitor handler that'd open an unsecured monitor server on any given port, and allow the malicious person to access your Zope process _unrestricted_. Just to name an example.

Don't trust pickles from the web. It's the reason why Zope only allows imports from the filesystem.

--
Martijn Pieters, Software Engineer | Digital Creations http://www.digicool.com
Creators of Zope http://www.zope.org | mailto:mj@digicool.com
ICQ: 4532236 | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
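
Added example, not part of the original thread and not Zope code: a Python 3 sketch of why a pickle taken from a cookie cannot be trusted, next to two defensive alternatives (an unpickler that refuses all globals, and an HMAC-signed JSON cookie). SECRET_KEY, the function names and the sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, io, json, pickle

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients

class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every class/function lookup, so only plain containers,
    strings and numbers can be loaded."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(data):
    return NoGlobalsUnpickler(io.BytesIO(data)).load()

def encode_cookie(value):
    """Serialize as JSON (data only, no callables) and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(value, sort_keys=True).encode())
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def decode_cookie(cookie):
    """Verify the tag before parsing; raise ValueError on any tampering."""
    body, sep, tag = cookie.rpartition(".")
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("cookie signature mismatch")
    return json.loads(base64.urlsafe_b64decode(body))

class CallsSortedOnLoad:
    """Constructed, harmless stand-in for a sender-controlled pickle:
    loading it calls the builtin sorted() instead of rebuilding this object."""
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))

def demo():
    untrusted = pickle.dumps(CallsSortedOnLoad())
    # Plain loads() runs whatever callable the pickle names.
    plain_result = pickle.loads(untrusted)
    try:
        restricted_loads(untrusted)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Data-only round trip through the signed cookie format.
    cookie = encode_cookie({"user": "alice", "theme": "dark"})
    return plain_result, blocked, decode_cookie(cookie)

if __name__ == "__main__":
    print(demo())
```

The restricted unpickler narrows what can be loaded, but the Python documentation still advises against unpickling untrusted data; the signed JSON cookie avoids pickle entirely.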