[Zope] ZupLoader and change properties in external methods

Elena Schulz elena.schulz@gmx.net
Thu, 28 Nov 2002 12:11:30 +0100


Hi Tino again,

now after the message of Ausum I understand the option to improve my
ZupLoader :-)
I have to pack the object data with the property-info transferred to a
string, send it in one or maybe two http-requests to a remote
dispatcher-script (should be just a script nothing else) that unpacks the
property-info and creates an object with the properties on the remote zope.

So if your function pair is ready for packing and transferring the
property-info via formdata etc. I would be happy to use it for this purpose.

But I don't understand the security issue here. For the upload I need to
login as Manager. The unpacker will need the proxy Manager too. Of course
the transfer of the login-info is a critical point as I cannot use https.
But that's the same with normal login which is done via http. So where is the
extra problem?

Is there no other solution to send an object packed with all property-info
that can be unpacked just by a Python Script? Maybe _setObject(), _getOb()
or the like?

-- many thanks for your replies, Elena

----- Original Message -----
From: "Tino Wildenhain" <tino@wildenhain.de>
To: "Elena Schulz" <elena.schulz@gmx.net>; <zope@zope.org>
Sent: Tuesday, November 26, 2002 11:46 AM
Subject: Re: [Zope] change properties in external methods (was get
properties ....)


> Hi Elena,
>
>
> --On Tuesday, 26 November 2002 10:45 +0100 Elena Schulz
> <elena.schulz@gmx.net> wrote:
>
> > Hi Dieter,
> >
> > the slow motion is due to the many requests I do adding all the
> > properties. So how to create one object or let a custom action create all
> > the objects in a minimum of requests? Can you give some more hints about
> > how to set an object with all the properties and how to transmit it via
> > urllib so I can find a start to do it more efficient?
>
> I'm currently working on a function pair which creates/recreates
> complete dictionaries to and from a single string which can be
> transmitted in a hidden form value or maybe request body in your case.
> (In fact it's ready - I'm only in the testing stage ;)
>
> In any way you'll end up having a dispatcher method on the target site
> which receives data for object creation as well as their properties.
> You should be very careful in designing this as this might open a
> security hole.
>
> Regards
> Tino
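
An added example, not code from this thread or from Zope: one way the pack/unpack pair discussed above could be built so that the dispatcher parses the string as data only, checks that it was not altered in transit, and validates every property before anything is created. The JSON encoding, the shared HMAC secret, the id pattern and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import json
import re

SHARED_SECRET = b"constructed-demo-secret"  # assumption: set on both sites out of band
ALLOWED_TYPES = {"string": str, "int": int, "float": float, "boolean": bool}
MAX_PROPS = 64
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")  # assumed id policy


def _valid_name(name):
    # No leading underscore, no slashes: ids cannot reach private names or paths.
    return isinstance(name, str) and NAME_RE.fullmatch(name) is not None


def pack_properties(obj_id, props, secret=SHARED_SECRET):
    """Client side: one string carrying the object id, its properties and a MAC."""
    body = json.dumps({"id": obj_id, "props": props}, sort_keys=True)
    tag = hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return tag + ":" + body


def unpack_properties(packed, secret=SHARED_SECRET):
    """Dispatcher side: verify the MAC, parse as plain data, validate, return."""
    tag, sep, body = packed.partition(":")
    expected = hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        raise ValueError("bad or missing MAC")
    data = json.loads(body)  # JSON yields only dicts, lists and scalars, never code
    obj_id, props = data["id"], data["props"]
    if not _valid_name(obj_id) or len(props) > MAX_PROPS:
        raise ValueError("rejected object id or too many properties")
    clean = {}
    for p in props:
        expected_type = ALLOWED_TYPES.get(p["type"])
        if expected_type is None or not _valid_name(p["id"]):
            raise ValueError("rejected property %r" % (p["id"],))
        # Exact type match, so a boolean cannot pass as an int.
        if type(p["value"]) is not expected_type:
            raise ValueError("type mismatch for %r" % (p["id"],))
        clean[p["id"]] = (p["type"], p["value"])
    return obj_id, clean
```

The MAC only shows that the payload came from a holder of the secret and was not modified; over plain http it hides nothing and does not stop a captured request from being sent again.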