On Tue, Jan 21, 2003 at 09:54:59PM +0100, Tue Wennerberg wrote:
2) The python regex package is in C and no one has written the security wrapping code that Zope requires. I'm fuzzy on the details but this answer makes a lot more sense.
Well yes, if regular expressions were a security risk. This seems to be the general notion, but can anyone actually give an example?
No, that's not the point of 2) above. The point is that *any* module you import in zope ttw code must have certain security assertions, or you'll be denied access when you try to run the script. Allowing re to be imported would require writing a python wrapper to the re module (which is in C), and adding these security assertions to the wrapper. Nobody has taken the time to do this and post it publically. It doesn't matter if the module is deemed a security risk or not. No security assertions? Import is not allowed except in External Methods and filesystem Products. No exceptions. -- Paul Winkler http://www.slinkp.com Look! Up in the sky! It's PYSCHOMETRIC JUDO SKORPION! (courtesy of isometric.spaceninja.com)