On Thursday 08 May 2003 11:57 am, Chris Beaumont wrote:
I guess what I am asking is if Zope's Python can be told to launch apps on the hosting machine. But that seems like it would be a major security hole, so I understand if its not possible..
Other people have answered you, but I'd like to re-express it for you: 1) Python script (restricted) 2) calls --> External method OR Product method (unrestricted) 3) calls --> system calls #1 you already know how to do this, I think #2 Zope book or online resources "external method" docs #3 Python docs: http://www.python.org/doc/2.1.3/lib/allos.html With these various python system calls you can do essentially anything you can imagine with calling external programs, and they will be called directly by your site code on demand. Points to consider, though: 1) You are now dependent on your choice of OS 2) You are now vulnerable to DOS-style attacks which take advantage of your interface to trigger unreasonably difficult tasks or consume excessive resources -- you have to think about this in your design. They can't run "anything" on your system, but the programs you've opened up may have enough faults to be troublesome. 3) Don't do something like allowing the user to give you a string and then pass it to os.system()!!! Don't even pass part of a string this way. Cheers, Terry -- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com