Hello list, I'm currently building a webapp to be used on intranets enviroments. We have some folderish objects that contains what we call "Components" of our webapp. Some of our developers export them as zexp to be imported later at our customer running the webapp (adding functionality, like modules or plugins). We will like, instead to let our customer to access the ZMI to make the import, provide a simplified way to do the job (we already have some management screens that let the end-user remove the components or disable them). Inside this interface we will like to offer a "upload component" or something similar, so our customer just have to browse for the .zexp file we have created and include in his running webapp. Only authorized user have power to disable/remove components. The thing is that the "import" directory is not accesible locally, nor by us, nor by our customer (he run the web app form the intranet and not sitting in the zope-box). Q: Is there a way to handle the upload and import process by a product (to be created) to bypass this security? or must relly on a limited FTP server that only allow me upload information to the "import" directory? We cannot do a XML-RPC (as proposed on irc) because the webapp of our customer and our dev-box aren't directly connected (our customer don't have the zope-box connected to internet, only intranet access). Some suggestions will be really apreciated, Please excuse my poor english, is not my mother language... and I'm very tired (4AM here!) Thanks, Luis PS: Please CC your answer because I'm currently not member of this list, thanks.