What I am trying to do is to build a Lotus Domino-like toolkit under Zope/Plone, so basically my product allows people to build their own groupware-oriented business applications directly from the Plone user interface (by designing forms, views, etc...).

One important aspect is the ability to create custom action buttons or custom scheduled agents to automate some basic processes over the managed content.

As I do not plan to develop my own script language to do it, I thought I could use directly Python, and run it using exec.

And yes, it would be insane if it was not controlled and restricted. That is precisely what I am working on.

Eric BREHAULT
http://www.brehault.net/plomino/

On 3/15/07, Jens Vagelpohl <jens@dataflake.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 15 Mar 2007, at 21:19, Eric Bréhault wrote:
> What would you recommend ? What is the 'official' way to run an
> untrusted python code with exec and control what this code can do
> or not ?

There is no official way because running untrusted code with "exec"
is an insane proposition.

jens


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFF+bmzRAx5nvEhZLIRArJQAJ9pyWSElVLIzfJJrA1V95gAem7+FwCgthjU
KIBdb/VcWDlWfC0Tzc4dJ2g=
=gVBx
-----END PGP SIGNATURE-----
_______________________________________________
Zope maillist  -   Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )