Hi, I'm not the right person to speak about the security aspects of this, but as a PythonMethod user, I will definitely say that this would be helpful. There are so many uses for lists and dictionaries that it is painful to not have them. So, if you can do this securely, please do! It sounds like you're comfortable with the security aspects of this change. Are there any other tradeoffs to be aware of (performance penalties, etc)? Kevin ----- Original Message ----- From: "Evan Simpson" <evan@4-am.com> To: <zope-dev@zope.org> Sent: Thursday, January 06, 2000 12:24 AM Subject: [Zope-dev] RFC: Possible change to PythonMethod restrictions
A minor annoying side-effect of the safety restrictions on PMs is that you can't manipulate local data structures directly. For example, if you create a dictionary or list to hold some objects, you can't scan through and delete items from it. You have to build a new list or dict instead.
I think it should be possible to safely allow some normally illegal operations as long as Zope can verify that you created the target object. When a PythonMethod compiles its code, the following steps would take place:
[snippage]