Paul Winkler wrote:
On Wed, Jul 10, 2002 at 03:17:14PM +0100, Ben Avery wrote:
well, external methods are python scripts with no safety measures at all,
For one thing, they live on the filesystem. If somebody has read/write access to your filesystem, you have much bigger problems than what th can do to your external methods. e.g. rm -f var/Data.fs.
I understand your concern with a situation like the above, but that is not exactly what I had in mind, I was thinking about matching/replacing strings, and take actions based on matches, not executing commands at the system level. Additionally, when I am talking about regex functionality, I think it would help if it's enabled within the context of Zope (inside Data.fs only) as a default, and not allowed to interact with outside stuff in the filesystem. Then people who wanted even more functionality could enable filesystem fuctionality at their own risk. For enhanced security only members of some group could be give the right to execute regexe's, or, even better, only certain folders could be enabled for that. Just some ideas...
For another thing, you can control via zope's security interface who has permission to add External Methods. So you can restrict them to trusted developers.
At least, I think that's the idea...
-- Jorge O. Martinez MIS Senior Associate FDCH-eMedia Inc. 2400 Forbes Blvd., Suite 200 Lanham, MD 20706 E-mail => jmartinez@eMediaMillWorks.com Phone => (301)731-1228 ext. 105 Fax => (301)731-0937