OK

How about this for the TODO list for ExternalFile:

Create a facility whereby ExternalFiles must be created within a set of allowed directory(ies), specified in .../etc/allowedDirectories.txt

For example:

    #
    # helpful comment goes here
    #
    /      # allow everything
    #

Or:

    #
    /home/webserver/public    # public stuff
    /archive/repository/      # read only dir full of downloaded PDFs
    /space/temp               # temporary area for testing

Or:

    #
    c:\Documents And Settings   # docs dir

- the create dialog will list the current set of allowed directories, but not allow changes (changes must be done by hand to the txt file)

- there is no default for allowedDirectories.txt. I will ship it with no entries, meaning that the product is effectively disabled by default

- If no directory is set, ExternalFile.py will raise an Exception at Zope startup time, indicating that at least one allowdir must be set. The exception report will include appropriate instructions

Comments?

--Craeg

Martijn Pieters wrote:
On Thu, Nov 07, 2002 at 11:24:35AM -0500, Craeg K Strong wrote:
What would you recommend? Perhaps there should be a predefined list of "forbidden" directories for ExternalFiles? The problem is that-- in the development scenario-- the very things you mention below might be what you legitimately *want* to do as a developer.
'Jail' the base directory. Files can only be referenced within the jail. Relative paths outside the jail are forbidden. This is what FTP and web servers do, and so should ExternalFiles. A full path (starting with a '/') then starts at the base directory.
The base directory should not be configurable through the web. Rather, use an environment variable. Only one directory is needed, as files that need to be accessible can be copied or symlinked.
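
An added example, not part of the thread or of ExternalFile's own code: one way the proposed allowedDirectories.txt check could be written in Python. The function and exception names are hypothetical, the sample text is the second example file from the message above, and the parser assumes directory names contain no '#' character.

```python
import os

# Sample file content, copied from the second example in the proposal.
SAMPLE = """#
/home/webserver/public    # public stuff
/archive/repository/      # read only dir full of downloaded PDFs
/space/temp               # temporary area for testing
"""


class NoAllowedDirectories(Exception):
    """Raised at startup when the allow-list has no entries."""


def parse_allowed_directories(text):
    """Return the resolved directories listed in allowedDirectories.txt text.

    One directory per line; everything after '#' is a comment.
    An empty list means the product is disabled, so raise instead.
    """
    dirs = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            dirs.append(os.path.realpath(entry))
    if not dirs:
        raise NoAllowedDirectories(
            "no allowed directory set; add at least one entry to "
            "allowedDirectories.txt")
    return dirs


def is_allowed(path, allowed_dirs):
    """True if path resolves to a location inside an allowed directory."""
    if not os.path.isabs(path):
        return False  # relative paths have no fixed meaning here
    real = os.path.realpath(path)  # collapses '..' and follows symlinks
    for base in allowed_dirs:
        try:
            # Compare whole path components, so /space/temp2 does not
            # match an allowed /space/temp the way a prefix test would.
            if os.path.commonpath([real, base]) == base:
                return True
        except ValueError:  # e.g. different drives on Windows
            continue
    return False
```

Because paths are resolved with os.path.realpath, a symlink placed inside an allowed directory is judged by where its target lives, not by where the link sits.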