[Zope-dev] Import from upload?

[Evan Simpson]

----- Original Message -----
From: Chris Withers <chrisw@nipltd.com>
> Sin Hang Kin wrote:
> > In web hosting environment like imeme.net, It is painful and unsecure
for
> > all to share the import directory for updating.
>
> And it's insecure for the service providor to allow importign over the
> web :(

Yesterday, Jim actually came up with the hint of the start of how web import
could be made secure.  It should be possibly to write an unpickler which
consults the security machinery and ensures that the pickle doesn't
instantiate anything that the user doesn't have permission to make.  It may
be quite a while before someone actually writes this, unless one of you
folks wants to give it a shot ;-)

Cheers,

Evan @ digicool & 4-am