Fredrik Lundh wrote:
the bug had nothing to do with the XML-RPC protocol itself;
True, sorry for the confusion. I should have written it more precisely.
it was a weakness in the SimpleXMLRPCServer framework which used reflection to automatically publish instance methods (if you use getattr repeatedly on an instance, you can access a lot more than just attributes and methods...)
how do you publish "RPC endpoints" in Pyro?
By reflection :-) return getattr(self,method) (*args,**keywords) But Pyro currently treats attribute lookups differently. It either ignores them completely (you have to enable remote-attribute access explicitly) or returns attributes as 'local' objects. What I mean is that you can access a remote attribute of a Pyro object, but only one level deep. There is no repeated (nested) remote attribute lookup. It's quite difficult to explain, if you want more details please read the relevant section in the Pyro manual: http://pyro.sourceforge.net/manual/7-features.html#nestedattrs As far as I can see, Pyro is safe from the XMLRPCServer weakness.
Interestingly, I have been thinking for a long time to add nested remote attribute lookup to Pyro. I know know that this is perhaps not a really good idea :)
--Irmen -- http://mail.python.org/mailman/listinfo/python-list
