[Dev] ZODB is not a Storage Technology (Re: other formats )

Eric Gerlach egerlach at canada.com
Sun Nov 3 16:22:01 PST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 03:28 PM 03/11/02 -0800, Kevin Altis wrote:
 >> -----Original Message-----
 >> From: Eric Gerlach
 >>
 >> At 01:09 PM 03/11/02 -0800, David McCusker wrote:
 >>  >Does anyone want to lecture on how ZODB works inside?
 >>
 >> Just a quickie:  At this stage, does it matter?
 >
 >From a design standpoint it probably does. I'm not a ZODB expert by
 >any
 >means, but it is my understanding that Python pickles are what ZODB
 >stores.
 >I'm not sure how this changes as you try and use a Berkley DB as a
 >backing
 >store, but it does bring up a big design point.

I sort of agree... I think that experience with data stores will help
in thinking of requirements for the data, but focusing on one
implementation restricts your view.  My point in rhetorically asking
whether or not the internals of ZODB matter was to point out that the
internals of the data store technology really don't matter until you
know what the data store is required to do.  Once that is known, then
it matters.

 >That is, should the file format be portable across operating systems?

This is a very valid point.  I would counter by saying that if all the
data and their semantics are easily exportable into a portable format,
then does the main store need to be portable?

 > <most concerns agreed with and therefore snipped :) >

 >If
 >you just use pickles, the data will be portable, but you need to have
 >a safe
 >unpickler to protect against trojan classes in the pickle; the method
 >called
 >when the data is unpickle is the big problem AFAIK.

To be honest, this is one of those problems that may or may not go
away.  In the same way that a malicious program could do this, they
could also replace .py and .pyc files on the user's hard drive with
modified ones.  Not much that can be done about that, unfortunately.

 >Hopefully, there are good answers to these concerns.

The answers to the concerns should be in the needs of the data
store... but those needs haven't been fleshed out yet.  At least not
to the mailing lists.  ;)

Cheers,

Eric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE9xb19nuiuBLkZNokRAjATAJ0XtNnVmbaV0vxNMyABoDoNUHXvpQCePStR
Mwbg2V+01Dz6BCMosNtNHn8=
=z7kV
-----END PGP SIGNATURE-----




More information about the Dev mailing list