[Zope-dev] Allowing secure 'import' access in zope folder hosting
Ivo van der Wijk
ivo@amaze.nl
Sat, 21 Apr 2001 01:58:17 +0200
On Fri, Apr 20, 2001 at 05:29:51PM -0400, Shane Hathaway wrote:
> Ivo van der Wijk wrote:
> > I tried to ask this on the standard zope list, but noone seemed to know
> > anything about it. Perhaps you do?
> >
> > We provide zope hosting, both folder based (where people have access
> > to their own folder, mapped to a domain, and no access to the zope
> > server / source / var / import / lib directories) and pure zope hosting
> > (i.e. an entire own zope server for this customer)
> >
> > In the folder case, one of our customers whishes to upload his locally
> > developped site as .zexp to our zope server and import it there.
> >
> > Can this be done safely? I.e. withouth compromising the other customers
> > security?
>
>
> What you're really looking for is a different kind of import/export
> format. This is actually a great opportunity for a new product:
> something that can import and export only specific kinds of objects and
> can strip security-related attributes. It could be web-enabled rather
> than requiring filesystem access.
>
> I guess the question is then "how badly do you want it"? :-)
>
Just a random, related thought that came up: Wouldn't it be nice
if people could devellop locally on their own zope (under windows
or unix) and hit the 'Sync' button on their "SyncedFolder" to
transparently upload their work to the zope server where it becomes
live immediately? (ok, this wouldn't work for external databases)
Just a thought. I know it doesn't cover all situations and there are
other ways to do this (next to just developping remotely using versions).
Ivo
--
Drs. I.R. van der Wijk -=-
Brouwersgracht 132 Amaze Internet Services V.O.F.
1013 HA Amsterdam -=-
Tel: +31-20-4688336 Linux/Unix based corporate
Fax: +31-20-4688337 and
Web: http://www.amaze.nl/ Internet Solutions
Email: ivo@amaze.nl -=-