Management interface for Extensions/Import folder
I don't know if this was ever discussed on this list but I would like to have a management interface for the Extensions and the import folder in a future version of Zope (maybe 2.6?). Are there any reasons why this has not been implemented yet? It would make Zope completely manageable through the web interface. -- Juergen Plasser plasser@hexagon.at
On Mon, 11 Mar 2002, Juergen R. Plasser / Hexagon wrote:
I don't know if this was ever discussed on this list but I would like to have a management interface for the Extensions and the import folder in a future version of Zope (maybe 2.6?). Are there any reasons why this has not been implemented yet? It would make Zope completely manageable through the web interface.
Python Extensions can execute without *any* security checks (unlike Zope's PythonScripts). Being able to edit them through-the-web would be more risky, as a mistake in your Zope permissions would let someone execute arbitrary code not just in Zope-land, but on your actual computer. I'd think about this before implementing anything. -- Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant
On Mon, 11. März 2002 10:05 -0500 Joel Burton <joel@joelburton.com> wrote:
Python Extensions can execute without *any* security checks (unlike Zope's PythonScripts). Being able to edit them through-the-web would be more risky, as a mistake in your Zope permissions would let someone execute arbitrary code not just in Zope-land, but on your actual computer.
I'd think about this before implementing anything.
Ok, that's right! I didn't mind security reasons... But for any object in Zope it is true that a mistake in the permissions could be risky. I have to admit that then the risk is more located in Zope-land. -- Juergen Plasser plasser@hexagon.at
Hi! You can point a LocalFS to these folders, keeping in mind that it will only have the rights that "Zope" (whoever started it, if "root" then "nobody") has in these folders. (http://www.zope.org/Members/jfarr/Products/LocalFS) Danny On Tuesday 12 March 2002 04:46, Juergen R. Plasser / Hexagon wrote:
On Mon, 11. März 2002 10:05 -0500 Joel Burton <joel@joelburton.com> wrote:
Python Extensions can execute without *any* security checks (unlike Zope's PythonScripts). Being able to edit them through-the-web would be more risky, as a mistake in your Zope permissions would let someone execute arbitrary code not just in Zope-land, but on your actual computer.
I'd think about this before implementing anything.
Ok, that's right! I didn't mind security reasons... But for any object in Zope it is true that a mistake in the permissions could be risky. I have to admit that then the risk is more located in Zope-land.
-- Juergen Plasser plasser@hexagon.at
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Danny William Adair -
Joel Burton -
Juergen R. Plasser / Hexagon