[ZODB-Dev] How to implement a production / test environment using zope ?

Michel Pelletier michel@zope.com
Thu, 08 Nov 2001 14:49:04 -0800


Steve Spicklemire wrote:
> 
> 
> You might also consider ZSyncer (I forget the URL) which does a similar
> trick, but using a different approach (direct sync between two Zopes).

I have not seen ZSyncer yet, but I spoke with Jim a while ago about
foreign pickles, and what he had to say was kind of alarming.  I always
knew that pickles from untrusted sources could be dangerous, but I
didn't realize how.

Imagine a pickle that says it's a medusa 'monitor_server' instance and
contains data like a secret backdoor port to listen in on.  If you don't
know where your pickles are coming from, someone could easily sneak a
pickle like this into the data and you would never know.  Upon
unpickling some innocent object, you would also be unpickling a backdoor
right into your system.

This is also why ZClass based products can be more risky than Python
based ones, you can always read the Python for backdoors, but browsing
binary pickles takes detailed knowledge of the pickle format.  To
mitigate a bit of that risk, a command line scanner tool could probably
be created that verified a ZODB or export file to contain only an
approved set of pickles and issue warnings for unknown or malicious ones.

The point is, know where your pickles (and code!) come from and make
sure you trust that source.  If you allow two Zopes to sync their
object data, make sure that connection is totally secure.

-Michel
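The scanner Michel sketches (check that a pickle stream references only an approved set of classes, and warn on anything else) can be built on the standard-library `pickletools` module, which walks the opcode stream without executing it. The example below is added here and is not code from the thread, from ZODB or from ZSyncer; it scans a single pickle blob, so a ZODB file or export would be fed to it one record at a time. The allowlist `ALLOWED_GLOBALS`, the sample pickles and the names `referenced_globals`, `audit`, `AllowlistUnpickler` and `safe_loads` are all constructed for this example. It handles both the old `GLOBAL` opcode and the protocol-4 `STACK_GLOBAL` opcode (whose module and name arrive as separate string pushes, possibly via the memo), and pairs the static scan with a restricted `Unpickler` for the loading path, which is the check the Python `pickle` documentation itself recommends.

```python
"""Allowlist scanner for pickle streams (example code, not from the thread)."""
import io
import pickle
import pickletools
from collections import Counter, OrderedDict

# Constructed allowlist: the only (module, name) globals a pickle may reference.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("datetime", "datetime"),
}

# Opcode families we need to track to resolve STACK_GLOBAL arguments.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data):
    """Return the set of (module, name) pairs a pickle would import.

    Nothing is executed: pickletools.genops only decodes opcodes. GLOBAL
    carries "module name" directly; STACK_GLOBAL takes the two strings
    pushed just before it, which may come from the memo (BINGET) when the
    pickler already emitted the same module name earlier.
    """
    refs = set()
    memo = {}      # memo index -> string value, or None for non-string entries
    recent = []    # strings pushed since the last opcode that pushed a non-string
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in STRING_OPS:
            recent.append(arg)
        elif name in GET_OPS:
            value = memo.get(arg, "<unresolved>")
            if value is None:          # memoized object was not a string
                recent = []
            else:
                recent.append(value)
        elif name == "MEMOIZE":
            # MEMOIZE stores the stack top at the next free index; stdlib
            # pickles never mix MEMOIZE with explicit PUT indices.
            memo[len(memo)] = recent[-1] if recent else None
        elif name in PUT_OPS:
            memo[arg] = recent[-1] if recent else None
        elif name == "GLOBAL":
            module, qualname = arg.split(" ", 1)
            refs.add((module, qualname))
            recent = []
        elif name == "STACK_GLOBAL":
            if len(recent) >= 2:
                refs.add((recent[-2], recent[-1]))
            else:
                refs.add(("<unresolved>", "<unresolved>"))
            recent = []
        else:
            recent = []                # some other value is now on top
    return refs


def audit(data, allowed=ALLOWED_GLOBALS):
    """Return the referenced globals that are NOT on the allowlist (empty = clean)."""
    return referenced_globals(data) - allowed


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside the allowlist."""

    def __init__(self, file, allowed=ALLOWED_GLOBALS):
        super().__init__(file)
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError(
                f"refusing to load global {module}.{name}: not on allowlist")
        return super().find_class(module, name)


def safe_loads(data, allowed=ALLOWED_GLOBALS):
    """Load a pickle, but only if every global it names is allowlisted."""
    return AllowlistUnpickler(io.BytesIO(data), allowed).load()


# Constructed sample pickles. Counter stands in for the "unknown" class of the
# post; it is harmless here but is not on the allowlist, so it must be flagged.
GOOD_PICKLE = pickle.dumps(OrderedDict(a=1), protocol=4)
LEGACY_PICKLE = pickle.dumps(OrderedDict(a=1), protocol=2, fix_imports=False)
BAD_PICKLE = pickle.dumps(Counter("aab"), protocol=4)


if __name__ == "__main__":
    for label, blob in (("good", GOOD_PICKLE), ("legacy", LEGACY_PICKLE),
                        ("bad", BAD_PICKLE)):
        print(label, "references:", sorted(referenced_globals(blob)),
              "disallowed:", sorted(audit(blob)))
```

`audit` is the offline review step (run it over every record before trusting a data file); `safe_loads` is the belt-and-braces check at load time, since a scanner that only inspects opcodes can be confused by hand-crafted streams, whereas `find_class` is consulted for every global the unpickler actually resolves.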