I'm making a serious run at trying to create a Product which will allow through-the-web creation of methods written in straight Python. Right now what I've get is a pile of brainstorming, and I'd appreciate feedback. Basically, I plan to take an arbitrary chunk of Python code, wrap it in a function definition, compile it, and then thrash the resulting bytecodes with bytecodehacks (see http://starship.python.net/crew/mwh/bch/index.html). This will serve the dual purposes of enforcing restrictions on what the code can do, and bending the semantics for better Zope integration. Thoughts so far: 1. Must store a PythonMethod as raw text for editing purposes. Compile/hack on each load, or try to store the compiled function for speed? 2. Allow simple assignment, and no other kind. "x = anything" is legal, but not "x[0] = ...", "x.spam = ...", "x() = ...", etc. Tuple/list unpacking might also be allowed. 3. Disallow "del" and "exec" entirely. 4. Restrict "import" to modules/packages found in a particular location, so that 'safe' modules can be used. 5. Allow "while" and "for". Insert 'escape code' at the bottom of every loop, to allow PythonMethods to 'time out' after some elapsed time or loop count. 6. Allow "print" to be used to generate rendered output by replacing it with a function that accumulates text. If anything other than literal "None" is returned, the collected "print" text is discarded, otherwise it becomes the return value (on "return", "return None", and on implicit return, but not on "x=None; return x", for example). 7. Either disallow "global", or redirect access to globals into a controlled namespace. 8. Provide the Zope standard builtins (and tags?) as builtins. or-have-I-missed-a-showstopper-ly y'rs Evan Simpson