[Zope] Zope+Python source-code security
Harry Wilkinson
harryw@nipltd.com
Mon, 29 Apr 2002 15:08:16 +0100
On Monday 29 April 2002 2:36 pm, Paul Winkler wrote:
> On Mon, Apr 29, 2002 at 12:16:54PM +0200, Pawel Lewicki wrote:
> > Hallo,
> > I was asked to make a web-application that seems to be perfect to be
> > built in Zope and Python. And it is also the great opportunity to get to
> > know the second one :) But the main issue is the security of the
> > source-code. I was browsing the archive and haven't found yes/no answer
> > if it is possible. There are a few security layers:
> > 1. Zope management (I suppose the easiest)
> > 2. Data.fs (Can you pull the stored objects and browse externally?)
>
> Yes, should be possible. AFAIK Data.fs is just a big pickle dump,
> so all you'd need to explore it is a python interpreter.
>
I don't think it's *just* a big pickle dump, although yes I think the data is
pickled Python objects stored in a file. It's a bit more organised than just
dumping everything to a file though.
You can access the ZODB through just Python now, I think. I hear a lot of
work has gone into making ZODB a standalone Python product. If you want to
access data stored in that Data.fs through something other than Zope, I
suggest you look at the ZODB source/docs.
HarryW