[Zope] Import from file via management-interface

Terry Kerr terry@adroit.net
Sat, 09 Sep 2000 03:27:04 +1100


you can write anything destructive, whether it is an external method, a DTML
Method, or basically anything.  At least if the only way you can import .zexp's
is from the import directory, then only people with access to the zope file
structure can import stuff...that will usually be restricted to system
administrators or superuser people.

terry

Hung Jung Lu wrote:

> >I found it very disturbing having to get my .zexp exports
> >into the subdirectory 'import' of the server and then using
> >the management-interface to do the actual import.
>
> I found it inconvenient, too. (Not disturbing, though.) And I had to
> implement my own uploading scheme via web. But as anything that is put into
> the file system, I thought that there must be some security reason. At least
> I know that's why the Extensions folder is there.
>
> Is this (existence of import folder) really a shortcoming of Zope, or is
> there some security reason why .zexp cannot be uploaded directly from
> browser? Can someone somehow write a destructive external method, and then
> upload it via .zexp?
>
> regards,
>
> Hung Jung
>
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )

--
Terry Kerr (terry@adroit.net)
Adroit Internet Solutions Pty Ltd (www.adroit.net)
Phone:   +613 9563 4461
Fax:     +613 9563 3856
Mobile:  +61 414 708 124
ICQ:     79303381