In a bit of a pickle here :)

Larry goodman larry_Goodman at yahoo.com
Tue Nov 25 13:18:28 EST 2003


Hi, I'm an old C++ salt who is doing his first large project using
python/wxPython.  Fantastically productive are python and wxWindows.
If you could bear with me, I have a couple of questions for people who
have implemented python projects with similar characteristics.  I'm
building a client/server app where the client is a windows or linux
desktop and the back end is python middleware (I'm going to write)
running on linux with a postgres SQL back end.

I started out using the typical client/server approach starting with
my data model.  The more I've used python, the more I've gotten to
think I really don't need a relational data model at all.  All the
middleware does is serve up pickled python objects to my desktop via
sockets.  The desktop model contains all of the logic as my app runs
in an offline briefcase model.  So I came up with the idea of just
storing all of the python objects in the postgres database pickled in
a blob field.  I'm sure about ten thousand other people came up with
this idea before me.  The only other data stored in the table will be
the id of the object and the last time the object was modified.  I may
also store a CRC for resolution conflict.  For instance, if a client
tries to change an object that was also changed by someone else since
they last received it, the server would throw an exception.  Are there
any holes with this approach?  Is there a better approach?  I have to
stress that I cannot use remoting like pyro because the laptop will be
offline most of the day.  They will resync with the server at most a
few times a day.  

I have one other question about the pickle system.  If I add new
attributes to an object and try to unpickle an old version will it
work?  How do you handle versioning of objects with pickle?

My last questions involve using sockets as a transport.  If I use
python to exchange data via sockets on the server, will my server be
susceptible to buffer overflow attacks?  Because I may need to support
handhelds with no SSL capability, I may need to expose a socket to the
internet unsecured.  Any idea what the best approach would be to
keeping the bad people out in this instance?  How should I secure my
middleware if I cannot support SSL?

If I have to I will only support SSL or running sockets over SSH.

Thanks so much for helping out.
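
An added example, not part of the original post: one way to frame the pickled objects described above so that a receiver checks an HMAC tag before any bytes reach `pickle.loads`, combined with the CRC-based conflict check the post proposes. The pre-shared per-client key, the frame layout, the dict standing in for the postgres blob column, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, pickle, struct, zlib

TAG_LEN = hashlib.sha256().digest_size   # 32-byte HMAC-SHA256 tag
HEADER = struct.Struct("!QI")            # object id, CRC32 the client last saw

class BadFrame(Exception):
    """Frame is truncated or its HMAC tag does not verify."""

class Conflict(Exception):
    """Object changed on the server since the client last received it."""

def seal(key, obj_id, base_crc, obj):
    """Sender: pickle obj and prepend an HMAC over header + payload.
    key is an assumed per-client pre-shared secret (bytes)."""
    body = HEADER.pack(obj_id, base_crc) + pickle.dumps(obj, protocol=2)
    return hmac.new(key, body, hashlib.sha256).digest() + body

def open_frame(key, frame):
    """Receiver: verify the tag and return (obj_id, base_crc, payload)."""
    if len(frame) < TAG_LEN + HEADER.size:
        raise BadFrame("truncated frame")
    tag, body = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise BadFrame("HMAC mismatch")
    obj_id, base_crc = HEADER.unpack_from(body)
    return obj_id, base_crc, body[HEADER.size:]

def load_object(key, frame):
    """Unpickle only after the tag has verified."""
    return pickle.loads(open_frame(key, frame)[2])

def apply_update(store, key, frame):
    """Server: store maps obj_id -> pickled blob (stand-in for the blob
    column). Rejects the write if the stored blob's CRC differs from the
    CRC the client last received."""
    obj_id, base_crc, payload = open_frame(key, frame)
    current = store.get(obj_id)
    if current is not None and zlib.crc32(current) != base_crc:
        raise Conflict(obj_id)
    store[obj_id] = payload            # stored as-is; the server never unpickles
    return zlib.crc32(payload)         # client keeps this for its next update
```

The tag authenticates the frame but does not encrypt it, and this sketch does not reject replayed frames.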



