[ZODB-Dev] How to implement a production / test environment using zope ?

Patrick K. O'Brien pobrien@orbtech.com
Thu, 8 Nov 2001 17:04:15 -0600


ROFL. After I read this message, I just had to go back and reread it as if I
were a "normal" person and not a Python programmer. From that perspective,
all the talk about dangerous foreign pickles is pretty amusing. I think I'll
print this one out and show it to the wife and kids. (As if they didn't
think I was nuts already.)

Anyway, I know this is off-topic, but thought it might brighten your day.
Give it a try.

---
Patrick K. O'Brien
Orbtech
"I am, therefore I think."

-----Original Message-----
From: zodb-dev-admin@zope.org [mailto:zodb-dev-admin@zope.org] On Behalf Of
Michel Pelletier
Sent: Thursday, November 08, 2001 4:49 PM
To: Steve Spicklemire
Cc: Matt; zodb-dev@zope.org
Subject: Re: [ZODB-Dev] How to implement a production / test environment
using zope ?

Steve Spicklemire wrote:
>
>
> You might also consider ZSyncer (I forget the URL) which does a similar
> trick, but using a different approach (direct sync between two Zopes).

I have not seen ZSyncer yet, but I spoke with Jim a while ago about
foreign pickles, and what he had to say was kind of alarming.  I always
knew that pickles from untrusted sources could be dangerous, but I
didn't realize how.

Imagine a pickle that says it's a medusa 'monitor_server' instance and
contains data like a secret backdoor port to listen in on.  If you don't
know where your pickles are coming from, someone could easily sneak a
pickle like this into the data and you would never know.  Upon
unpickling some innocent object, you would also be unpickling a backdoor
right into your system.

This is also why ZClass based products can be more risky than Python
based ones, you can always read the Python for backdoors, but browsing
binary pickles takes detailed knowledge of the pickle format.  To
mitigate a bit of that risk, a command line scanner tool could probably
be created that verified a ZODB or export file to contain only an
approved set of pickles and issue warnings for unknown or malicious ones.

The point is, know where your pickles (and code!) come from and make
sure you trust that source.  If you allow two Zopes to sync their
object data, make sure that connection is totally secure.

-Michel
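The scanner Michel sketches above, written out as an added example (it is not code from the thread, from ZODB or from Zope). It assumes a single pickle stream as input, so for a ZODB or export file it would be applied to each record's pickle in turn; parsing the FileStorage record layout itself is out of scope here. The allowlist ALLOWED and the two sample pickles are constructed for the example. The point of the design is that every class reference in a pickle goes through a GLOBAL, INST or STACK_GLOBAL opcode, so listing those opcodes with pickletools.genops (which only tokenises, and executes nothing) tells you exactly which classes an unpickle would import, and a find_class override turns the same allowlist into a hard stop at load time.

```python
import datetime
import io
import pickle
import pickletools
from collections import OrderedDict

# Constructed allowlist: the (module, name) pairs this site has reviewed and trusts.
ALLOWED = {
    ("collections", "OrderedDict"),
}


def referenced_globals(data):
    """List every (module, name) a pickle stream would import, without loading it.

    pickletools.genops only tokenises the stream, so nothing is executed.
    A memo table is tracked because protocol 4 pickles may push a module
    name once and refer back to it with BINGET in a later STACK_GLOBAL.
    """
    refs = []
    memo = {}
    recent_strings = []  # string values pushed so far; STACK_GLOBAL consumes the last two
    last = None          # value of the most recent push, for MEMOIZE/PUT
    for op, arg, pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            # protocols 0-3: "module name" is carried inline in the opcode argument
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
            last = arg
            recent_strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                recent_strings.append(last)
        elif op.name == "STACK_GLOBAL":
            # protocol 4+: module and name are the two most recently pushed strings
            if len(recent_strings) < 2:
                raise ValueError("malformed STACK_GLOBAL at offset %d" % pos)
            refs.append((recent_strings[-2], recent_strings[-1]))
        else:
            last = None
    return refs


def scan_pickle(data, allowed=ALLOWED):
    """Return the referenced globals that are not on the allowlist (empty list = clean)."""
    return [ref for ref in referenced_globals(data) if ref not in allowed]


class ApprovedOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import any class outside the allowlist."""

    def __init__(self, file, allowed):
        super().__init__(file)
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError("refusing to import %s.%s" % (module, name))
        return super().find_class(module, name)


def try_load(data, allowed=ALLOWED):
    """Load with the restricted unpickler; return (True, obj) or (False, reason)."""
    try:
        return True, ApprovedOnlyUnpickler(io.BytesIO(data), allowed).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed samples: one object of an approved class, one of a class the
# allowlist has not reviewed. Both are harmless; only the class reference differs.
SAMPLE_APPROVED = pickle.dumps(OrderedDict([("title", "hello")]), protocol=2)
SAMPLE_UNAPPROVED = pickle.dumps(datetime.date(2001, 11, 8), protocol=4)

if __name__ == "__main__":
    for label, blob in (("approved", SAMPLE_APPROVED), ("unapproved", SAMPLE_UNAPPROVED)):
        print(label, "references", referenced_globals(blob),
              "unknown:", scan_pickle(blob), "load:", try_load(blob))
```

Running it prints the class references of both samples, flags ("datetime", "date") as unknown for the second, and shows the restricted load succeeding for the first and refusing the second. A scan that reports an empty list is necessary but not sufficient on its own: an approved class with a permissive __setstate__ can still be fed odd data, so the allowlist should hold only classes whose state handling has actually been read.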

_______________________________________________
For more information about ZODB, see the ZODB Wiki:
http://www.zope.org/Wikis/ZODB/

ZODB-Dev mailing list  -  ZODB-Dev@zope.org
http://lists.zope.org/mailman/listinfo/zodb-dev