No :-) I just want to run untrusted Python code using exec and I need this code to be allowed to access few methods on few Plone portal tools, but nothing else. For instance: portal_membership.getMemberById(id).getProperty('email') would be accepted but: portal_membership.addMember() would be forbidden. I tried to use zope.security.untrustedpython and also I had a look in zope.tales.expressions to understand how it works but I didn't succeed in understanding how I can define what is authorized and what is forbidden. Apparently it must be done using NamesChecker but I haven't found documentation about it (I tried to copy/paste the unit tests but unsuccessfully...). What would you recommend ? What is the 'official' way to run an untrusted python code with exec and control what this code can do or not ? Thanks, Eric BREHAULT On 3/15/07, Andreas Jung <lists@zopyx.com> wrote:
--On 15. März 2007 16:33:56 +0100 Eric Bréhault <ebrehault@gmail.com> wrote:
Hello,
I am trying to build a safe proxy to wrap the Plone portal object in order to control what is allowed or not.
You're trying to reinvent the Zope security machinery?
-aj