J. Cameron Cooper wrote:
I'm comfortable working with Python, but the jump to Zope seems to have left me twiddling my thumbs. Simple things, like why I can't use certain modules in "Script (Python)"s,
Security. If you can import any old module, a low-priveledged user could break your site up and down thorugh the web, starting with eating all your resources and getting worse from there.
... of course they still can even with restricted python's protections in place, they just have to be marginally more creative. Know that, given the ability to author restricted python a user can easily cripple a Zope installation or run the zope process into its process resource limits. Design with that in mind. The theory of restricted python is, afaik, sound. The problem is that it is only effective in when used within a system thats built with its (r. python's) constraints in mind. Unfortunately, Zope doesn't entirely fall into that category. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid." -Buddy