[Zope-dev] Uploading products through Zope

Scott Robertson sroberts@codeit.com
Thu, 18 Mar 1999 15:20:04 -0800 (PST)


Any body have a clue as to what kind of security problems might be
encountered if we were to give users the ability to upload/install
Products through Zope?

We were thinking about writing an External Method that would take a tgz
file and uncompress it under /Products/.

Curently we let users install their own products through ftp but it would
be one less service we would have to configure and run if we gave them
that abillity. 

The only issue I can think of is that  only certain accounts should be
allowed to upload or replace products.


---------------------------------------------------
- Scott Robertson             Phone: 714.972.2299 -
- CodeIt Computing            Fax:   714.972.2399 -
-                http://codeit.com                -
---------------------------------------------------