Christopher G. Petrilli wrote:
On Tue, Mar 02, 1999 at 01:43:10PM -0600, Tres Seaver wrote:
The particulars of my case are that the control structures of DTML are not quite powerful enough to accomplish my task; of course, strengthening them, even in a "sandbox" model, still leaves open the possibility for buggy/malicious code to do ugly things (like your example below).
Well, it might help if you offered what control structure you need, we might be able to come up with an interim solution.
Ok, the "teeth-cutting" example I am trying to implement generates math-facts problems for my five-year-old. In Python, two trivial functions:

I _think_ this one is easy in DTML:

    import random

    def problem( max_term, operators ) :
        """
        Generate a single math-fact problem whose terms are within
        range( max_term + 1 ), using one of the supplied operators.
        """
        lhs = random.randrange( max_term + 1 )
        rhs = random.randrange( max_term + 1 )
        operation = operators[ random.randrange( len( operators ) ) ]
        return ( lhs, operation, rhs )

But not this one:

    def gen_problem( max_term, operators ) :
        """
        Generate a math-fact problem whose terms and results are all
        within range( max_term ), using the supplied operators.
        """
        while 1 : # Arbitrary looping! (could benefit from
                  # the dreaded assignment-in-conditional :)
            probStr = "%d %s %d" % problem( max_term, operators )
            result = eval( probStr )
            if 0 <= result and result <= max_term :
                return probStr

And of course, the DTML syntax for something like this is going to be ugly.
Actually, the possibility which seemed most interesting was Doug Wyatt's suggestion of "federating" a set of independent Zbases under one (at least apparently one) server. Then any damage my ExternalMethod did to the Zbase would be on my own head, at least. If that server were actually a process running as me, then standard system security procedures should probably be fine.
To me this is just a hack to get around it near term, and doesn't fix the problem. Also if you have 100 users, do you have 100 instances of zope running under 1 ZServer? That sounds like a true administrative nightmare... And substantial overkill.
One instance per "sandbox", not one per user (although on starship this is a distinction without a difference). The "content manager only" applications will do fine in a single Zope instance, as now.

-- 
=========================================================
Tres Seaver         tseaver@palladion.com    713-523-6582
Palladion Software  http://www.palladion.com
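
An eval-free, bounded variant of the gen_problem function from the message above, as an added example that is not part of the original thread: it enumerates the valid problems instead of retrying in an open-ended loop, and yields the same uniform choice over valid problems. The names OPERATIONS, valid_problems and the rng parameter are assumptions of this example, as is requiring a whole-number result for "/".

```python
import operator
import random

# Allow-list of operator symbols mapped to functions; nothing is eval()'d.
# (Assumed operator set for this example.)
OPERATIONS = {
    "+": operator.add,
    "-": operator.sub,
    "*": operator.mul,
    "/": operator.truediv,
}


def valid_problems(max_term, operators):
    """Enumerate every (lhs, op, rhs) whose result is a whole number in 0..max_term."""
    problems = []
    for symbol in operators:
        func = OPERATIONS[symbol]  # KeyError for anything off the allow-list
        for lhs in range(max_term + 1):
            for rhs in range(max_term + 1):
                try:
                    result = func(lhs, rhs)
                except ZeroDivisionError:
                    continue  # e.g. "3 / 0" is never offered
                if result == int(result) and 0 <= result <= max_term:
                    problems.append((lhs, symbol, rhs))
    return problems


def gen_problem(max_term, operators, rng=random):
    """Pick one valid problem; the work is bounded by max_term, with no retry loop."""
    candidates = valid_problems(max_term, operators)
    if not candidates:
        # The retry-loop version would never return in this case.
        raise ValueError("no problem satisfies the constraints")
    return "%d %s %d" % rng.choice(candidates)
```
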