[Zope-dev] FTP interface being worked on?
R. David Murray
bitz@bitdance.com
Sun, 18 Mar 2001 23:25:42 -0500 (EST)
On Sun, 18 Mar 2001, Dan L. Pierson wrote:
> representation of Chris' proposal. FSDump has no read capability. At
> IPC9, someone
> from DC told me that Tres was worried that read capability would be a giant
> security
> hole. I can't remember if that someone was Tres or not. IMHO, the
> solution to this
> probably involves forcing read to be invoked only from outside of Zope (or
> maybe only from a local machine login?). I'm not sure how this would be
> done.
Presumably the issue here is the one that results in 'import' only
working on files stored in the host file system (ie: you have enough
authority to have file system privs in the zope directory to import
zexp pickles or XML pickles).
A file-system-serialized represenatation has the additional advantage
over XML pickles that it can be re-parsed and have the security
rules applied on read. This however means that XML as the default
for objects that don't explicitly implement the file-system-serialize
API is probably not secure.
For CVS, XML default would be good. For round trip editing using
"standard tools", XML default would not be good. So I think XML
should be the default for write, but there should be no default for
read.
--RDM