19 Nov
2007
19 Nov
'07
8:05 p.m.
On 19 Nov 2007, at 20:26 , Chris Withers wrote:
So, I'm guessing RestrictedPython is the one to aim for? No idea what you need...
http://mail.python.org/pipermail/python-list/2007-November/466438.html
It seems like zope.security does exactly what you need (e.g. user code shouldn't have to import anything as long as you pass proxied objects). <shameless plug> My book's chapter 21 does a complete walk- through of the zope.security system.</shamesless plug>
Out of interest, if all non-standard objects (ie: content) are wrapped in security proxies, do getattr and setattr still need to be overridden?
Nope.