RE: [Zope] List of safe libraries
Actually, I was wondering if there is a "Master List" of libraries and modules that one is authorized to import into a python script object.
-----Original Message----- From: Joel Burton [mailto:joel@joelburton.com] Sent: Friday, July 26, 2002 11:28 AM To: Aaron Gillette Subject: RE: [Zope] List of safe libraries
It's a little fuzzy... what constitutes safe? Even without any additional libraries, a clever coder can hang a Zope thread using just PythonScripts.
Regular expressions, for instance, are safe in that they won't let you write to the filesystem or do other serious damage, but you can easily write a regex that will never finish, hanging that Zope thread.
Can you be more specific about who will be allowed to write these scripts? Semi-trusted internal users? Complete strangers?
- J.
-- Joel BURTON | joel@joelburton | www.joelburton.com | aim:wjoelburton Information Technology & Knowledge Management Consultant
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of abg@comco-inc.com Sent: Friday, July 26, 2002 12:29 PM To: zope@zope.org Subject: [Zope] List of safe libraries
Does anyone keep a list of libraries that are safe for import into python script objects?
Thanks,
Aaron Gillette abg@comco-inc.com
Comco, Inc. The Source for Data Pros WorldWide. Specializing in large-format tape drives (3480, 3490, 3490e, 3590 & 9-track), data translation services and data management software.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
From $ZOPE/lib/python/Products/PythonScripts/standard.py, it would appear that you have access to those things DTML already gives you (DateTime, math, string) plus the PythonScript.standard utils (formatting as structured text, html_quoted, etc.), and the RestrictedDTML class.
There's info in this folder (in module_access_examples.py) on how to access other modules, and it gives some advice on which standard Python modules are safe, semi-safe, or ready for inclusion into Outlook.
HTH.
-- Joel BURTON | joel@joelburton | www.joelburton.com | aim:wjoelburton Information Technology & Knowledge Management Consultant
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of abg@comco-inc.com Sent: Friday, July 26, 2002 12:42 PM To: zope@zope.org Subject: RE: [Zope] List of safe libraries
Actually, I was wondering if there is a "Master List" of libraries and modules that one is authorized to import into a python script object.
-----Original Message----- From: Joel Burton [mailto:joel@joelburton.com] Sent: Friday, July 26, 2002 11:28 AM To: Aaron Gillette Subject: RE: [Zope] List of safe libraries
It's a little fuzzy... what constitutes safe? Even without any additional libraries, a clever coder can hang a Zope thread using just PythonScripts.
Regular expressions, for instance, are safe in that they won't let you write to the filesystem or do other serious damage, but you can easily write a regex that will never finish, hanging that Zope thread.
Can you be more specific about who will be allowed to write these scripts? Semi-trusted internal users? Complete strangers?
- J.
-- Joel BURTON | joel@joelburton | www.joelburton.com | aim:wjoelburton Information Technology & Knowledge Management Consultant
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of abg@comco-inc.com Sent: Friday, July 26, 2002 12:29 PM To: zope@zope.org Subject: [Zope] List of safe libraries
Does anyone keep a list of libraries that are safe for import into python script objects?
Thanks,
Aaron Gillette abg@comco-inc.com
Comco, Inc. The Source for Data Pros WorldWide. Specializing in large-format tape drives (3480, 3490, 3490e, 3590 & 9-track), data translation services and data management software.
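An added example, not part of the original thread and not Zope code: the point above that a "safe" module such as `re` can still tie up a worker is handled here by running the match in a child process with a time budget. The helper name `bounded_search`, the timeout values and the sample inputs are assumptions made for illustration, and the `fork` start method assumes a POSIX host.

```python
# Added illustration (hypothetical helper, not from Zope): bound the time a
# pattern from a semi-trusted author may spend matching.
import multiprocessing as mp
import re


def _worker(conn, pattern, text):
    # Runs in the child, so a runaway match cannot stall the caller.
    try:
        match = re.search(pattern, text)
        conn.send(("ok", match.group(0) if match else None))
    except re.error as exc:
        conn.send(("error", str(exc)))
    finally:
        conn.close()


def bounded_search(pattern, text, timeout=2.0):
    """Return (status, value); status is 'ok', 'error' or 'timeout'."""
    ctx = mp.get_context("fork")  # assumption: POSIX host
    recv_end, send_end = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_worker, args=(send_end, pattern, text))
    proc.start()
    send_end.close()  # parent keeps only the receiving end
    try:
        if recv_end.poll(timeout):
            return recv_end.recv()
        return ("timeout", None)
    except EOFError:
        return ("error", "worker exited without a result")
    finally:
        if proc.is_alive():
            proc.terminate()  # stops a match that is still backtracking
        proc.join()
        recv_end.close()


if __name__ == "__main__":
    # Constructed sample inputs.
    print(bounded_search(r"\d{4}-\d{2}-\d{2}", "Sent: 2002-07-26"))
    # Nested quantifier plus a non-matching tail: backtracks exponentially.
    print(bounded_search(r"(a+)+$", "a" * 40 + "b", timeout=0.3))
```

The budget limits the damage of one slow pattern; it does not make the pattern author trusted, so the question of who may write these scripts still decides what else they can reach.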