[Zope-dev] Zope client? (invitation for developers)
Itamar Shtull-Trauring
itamar@maxnm.com
Thu, 11 May 2000 10:52:38 +0300
Bill Anderson wrote:
> > I've written one already in wxPython, so it runs on Windows, too. Check out
> > http://www.zope.org/Members/itamar/load_site. Make sure you follow the
> > instructions on altering Zope or it won't work. It uses both XML-RPC and
> > ZPublisher.Client for historical reasons, but evnetually it'll use XML-RPC
> > only, since XML-RPC is a lot more powerful.
>
> But has isssues with ZSQL Methods. :(
That's a Zope security issue, really. Client would most likely have the
same problem. But let me explain why I used XML-RPC: ZPublisher.Client
always returns it's results a string, while XML-RPC pickles Python objects
into XML and then unpickles them back into Python objects. This means that
if a method returns a list, using Client you'll get "['a', 'b', 'c']", the
string represnetation of the list, while with XML-RPC yopu'll get the actual
list.
Since doing eval() on strings you get from strangers is a Really Big
Security Bug, XML-RPC is the way to go.
--
Itamar S.T. itamar@maxnm.com