Mind you, it's probably helpful to some people, but I feel this departs strongly from the basic Zope security model and should be noted prominently. Consider for instance what XXXPythonScript requires:
In order to create or edit XXX Python Scripts, you have to set "ALL_YOUR_BASE_ARE_BELONG_TO" equal to "US".
good idea. I'll think about such a solution.
Im really not sure what setting the environment variable gives you. I would prefer just a warning, if you feel one is warranted. Since a user has to have file system access to install the product, they are making a decision to install the software and accept the security considerations of that product (assuming they know what they are). Setting an extra environment variables does nothing to increase security. -- Andy McKay www.agmweb.ca