Mark, Jonathan (Integic) wrote at 2007-1-26 10:29 -0500:
I have an external method which uses eval(). I would like to prevent anyone from calling this method from inside a URL, e.g., myzopesite/myexternalmethod?myvar=deletemyfiles()
Rather, I wish for only Zope objects such as Python Scripts to be able to call this external method. Is there any way to turn off the publishing of external methods to the web in Zope?
When you do not want that a object is called from the Web, you have too options: give it a non 'None' 'index_hmtl' (then this 'index_html' is called and can tell that this object must not be called directly) or give it an empty '__doc__'. The ZMI does not give you a way to do this, but you can do it in an interactive Python interpreter accessing your storage directly (under *nix: "bin/zopectl debug"). -- Dieter