[Zope-dev] Send simple objects to server

Martijn Pieters mj@digicool.com
Sat, 11 Mar 2000 15:37:19 +0100 

From: "Thomas Weholt" <thomas@bibsyst.no>
> Hi,
>
> I want to extend Zope to receive simple objects made by me, put them
> into a Berkley DB based database located at the server and process the
> data.
>
> Example :
>
> User scans a cd-rom locally, the created cd-rom-object is pickled,
> compressed using zlib and transferred to a zope-server, where a special
> part, the part I want to make, receives the object and creates indexes,
> reports etc.

Note that pickles are unsafe, a malicious user could send you a pickle of a
dangerous object which would be unpickled by the server without a hitch.

I could send a pickle of a ZServer Monitor wich accepts connections from the
internet, and has a password known by me. I could then log into your Zope
Process, using the monitor client. Once inside a python prompt inside you
Zope server, I can manipulate your server as the user your Zope install runs
at. Now I can try and find weaknesses from within your server.

You will have to find another transport encoding for your objects. If your
objects are of one class, or a limited number of them, I'd use XML-RPC.
Develop a Zope Product that can be called with XML-RPC, and that will create
the objetcs for you.

> Later on the user can configure how the data shall be processed, indexes
> created etc. and search his or other peoples data thru zope, like
> searching yahoo.
>
> The problem is transferring objects to the server. I`ve looked at DOPY
> and PYRO, but Zope has more features etc.
>
> Any ideas or hints on what documents I should read in the Zope
> documentation, what source-files I should study to understand this etc.
> ????

There are lots of examples. Start with the general Zope docuentation and the
How-To's on Zope.org. Look through Products on Zope.org, their source code
could be of help. And have a look at XML.com, there are several articles on
XML and Zope there, one of which is about XML-RPC.

Martijn Pieters
| Software Engineer    mailto:mj@digicool.com
| Digital Creations  http://www.digicool.com/
| Creators of Zope       http://www.zope.org/
|   The Open Source Web Application Server
---------------------------------------------