Hi, Chris Withers wrote:
Chris McDonough wrote:
There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry.
Am I the only one who thinks this is silly?
One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML?
It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted.
IMH(umble), either you don't have confidence in Zope's security, or you're assuming your users are stupid (that may be fair for a lot of us, but still ;-)
Comments? :-)
I think the granularity could be finer. If one could give some users access to more 'riscy' modules and some not, it schould be sufficient. I schould write a proposal for thru the web python products... *g* Greetings Tino