----- Original Message -----
From: "Eric Bréhault" <ebrehault@gmail.com>
To: <zope@zope.org>
Sent: Thursday, March 15, 2007 4:19 PM
Subject: Re: [Zope] build a safe proxy
No :-) I just want to run untrusted Python code using exec and I need this code to be allowed to access a few methods on a few Plone portal tools, but nothing else. For instance: portal_membership.getMemberById(id).getProperty('email') would be accepted but: portal_membership.addMember() would be forbidden.
I tried to use zope.security.untrustedpython and also I had a look in zope.tales.expressions to understand how it works but I didn't succeed in understanding how I can define what is authorized and what is forbidden. Apparently it must be done using NamesChecker but I haven't found documentation about it (I tried to copy/paste the unit tests but unsuccessfully...).
What would you recommend? What is the 'official' way to run untrusted Python code with exec and control what this code can do or not?
How about an external method?

Jonathan