Tom Jenkins wrote:
- This does not address the desire for a nicer through-the-web scripting language for Zope. We intend to provide the ability to build Python methods through the web that are as safe (from a security point of view) as existing DTML methods.
Eeek! If you do provide the ability to build Python methods through the web, please include a way for us to NOT ALLOW this.
OK. We'll can make it a product that you chose not to install.
Or better yet, let us know exactly where this module is in the code base so we could replace it with empty stubs <g>. I worry enough without the added thoughts that someone could crack open zope and shovel in python code.
Remember that we said that this would be just *as safe as DTML*: - Every object access would be checked against the security machinery, as is done now in DTML expressions, - There will be guards against infinite loops and other sorts of accidents or attacks that cause loss of service. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.