9 Sep
2000
9 Sep
'00
5:07 p.m.
you can write anything destructive, whether it is an external method, a DTML Method, or basically anything. At least if the only way you can import .zexp's is from the import directory, then only people with access to the zope file structure can import stuff...that will usually be restricted to system administrators or superuser people.
But if there was a Can Import From Web role than you could control who could import and who couldn't. Granular Security is a strong point of Zope. We should strive to use it.