[Zope] Zsyncer problem?

Philippe Jadin philippe.jadin@123piano.com
Wed, 30 May 2001 20:06:35 +0200


Hello,

Just tried zsyncer, and let me tell you that this tool is great!

However, it seems that there is quite a big security problem with the
current version: if you place the zsyncer on a subfolder of root, it still
gives you the ability to sync root folders, and any subfolder, whether you
have the rights to do so or not. It's not a problem if you are root, but
else...

False alert? I hope I explained the problem clearly enough...

Something else:

I'm not sure it's always the right action to delete something which is on
production and not on source ("extra this (red): object is on production but
not development, it needs deleting from production"), for example, if it's
user feedback, it would be cool to add those to the source server (for
backups for instance), and would probably never need to be deleted.

As I said, still the nicest product I found for Zope. And this proves that
xml-rpc is robust and fast. (I would say a *lot* faster than ftp for
instance).

Philippe Jadin
www.123piano.com
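
The report above describes two checks that appear to be missing: the sync target is not confined to the folder holding the syncer, and the caller's rights on the target are not consulted. The following is an added sketch of both checks in plain Python, not Zsyncer's or Zope's own code; the grant table, the role name and all function names are assumptions made for the example.

```python
import posixpath

# Constructed sample data: roles granted per folder. A grant applies to the
# folder and to everything below it.
GRANTS = {
    "/": {"admin": {"Manager"}},
    "/dept": {"alice": {"Manager"}},
    "/dept/feedback": {"bob": {"Manager"}},
}
REQUIRED_ROLE = "Manager"  # assumption: the role needed to sync an object


def normalize(path):
    """Return an absolute form of an object path with '..' collapsed."""
    return posixpath.normpath("/" + path.lstrip("/"))


def within(container, target):
    """True if target is the container itself or lies below it."""
    container, target = normalize(container), normalize(target)
    # Compare on a path-segment boundary so "/dept" does not match "/department".
    return (container == "/" or target == container
            or target.startswith(container + "/"))


def roles_on(user, target):
    """Collect the user's roles on target, including grants on its ancestors."""
    roles, path = set(), normalize(target)
    while True:
        roles |= GRANTS.get(path, {}).get(user, set())
        if path == "/":
            return roles
        path = posixpath.dirname(path)


def check_sync(syncer_container, user, requested):
    """Decide one sync request; returns (allowed, reason)."""
    # Check 1: a syncer placed in a subfolder must not reach outside it.
    if not within(syncer_container, requested):
        return False, "outside syncer scope"
    # Check 2: the caller needs the role on the target, not just on the tool.
    if REQUIRED_ROLE not in roles_on(user, requested):
        return False, "missing role on target"
    return True, "ok"
```

Both checks run on the server that receives the request, after path normalization, so a target such as `/dept/../other` is judged by where it actually resolves.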