I'm considering doing something in the LocalFS product that seems like a potentially huge security risk, which is calling exec on a string submitted through a form. The reason is that I want to allow users to customize the object class associated with different content-types when the product constructs a Zope object from a local file. I need a way for them to specify the arguments to the object constructor from the management interface.

The solution I came up with is rather awkward but I can't think of a better one. Suppose 'c' is a string containing, for example, "OFS.DTMLMethod.DTMLMethod(data, __name__=id)". This is the code to construct the object:

    import string

    try:
        # this should hopefully avoid executing
        # malicious python code
        if ';' in c:
            raise ValueError
        m = c[:string.rindex(c, '.')]
        exec('import ' + m)
        exec('ob = ' + c)
    except:
        pass

I'm hoping that by disallowing ';' in the string I can avoid malicious code like:

    OFS.DTMLMethod.DTMLMethod(data, __name__=id); print "Hi. I've got control of your server now. Have a nice day."

Can anyone else think of how this code can still be exploited? Can anyone think of a better, safer way to do this altogether? Is any of this making sense?

Thanks,
-jfarr
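One safer way to do what the post asks for, added here as an example that is not part of the original message or of the LocalFS product: instead of exec'ing the form string, parse it with Python 3's ast module, require the constructor to be on an allowlist, and accept only literals or the two names the product supplies (data and id) as arguments. FakeDTMLMethod and the CONSTRUCTORS registry are constructed stand-ins for the Zope classes the product would register.

```python
import ast

class FakeDTMLMethod:  # constructed stand-in for OFS.DTMLMethod.DTMLMethod
    def __init__(self, data, __name__=None):
        self.data, self.id = data, __name__

# Allowlist of constructors the form may name (the real product would register OFS classes).
CONSTRUCTORS = {"OFS.DTMLMethod.DTMLMethod": FakeDTMLMethod}

def _dotted_name(node):
    # ast.Attribute chain such as OFS.DTMLMethod.DTMLMethod -> "OFS.DTMLMethod.DTMLMethod"
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        raise ValueError("constructor must be a dotted name")
    return ".".join(reversed(parts + [node.id]))

def _value(node, env):
    # Only a name the product supplies (data, id) or a Python literal; anything else raises.
    if isinstance(node, ast.Name) and node.id in env:
        return env[node.id]
    return ast.literal_eval(node)  # raises ValueError on other names, calls, attributes, operators

def build_object(spec, data, id):
    # Build the object named by a form string like 'OFS.DTMLMethod.DTMLMethod(data, __name__=id)'.
    try:
        tree = ast.parse(spec, mode="eval")  # a single expression; ';' or statements fail here
    except SyntaxError:
        raise ValueError("spec is not a single expression")
    call = tree.body
    if not isinstance(call, ast.Call) or any(k.arg is None for k in call.keywords):  # no **unpacking
        raise ValueError("spec must be a plain constructor call")
    name = _dotted_name(call.func)
    if name not in CONSTRUCTORS:
        raise ValueError("constructor not allowed: %s" % name)
    env = {"data": data, "id": id}
    args = [_value(a, env) for a in call.args]
    kwargs = {k.arg: _value(k.value, env) for k in call.keywords}
    return CONSTRUCTORS[name](*args, **kwargs)

def accepts(spec):
    # True if the spec builds, False if it is rejected.
    try:
        build_object(spec, "", "")
        return True
    except ValueError:
        return False
```

Because the string is parsed as one expression and every node is checked against the allowlist and the literal-only rule, the ';' filter from the post becomes unnecessary: statements, unknown names and calls other than the registered constructor are rejected before anything is executed.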