RE: [Zope] re module & through the web security
If you're concerned about the availability of various modules within PythonMethods, you should participate in the PythonMethods project wiki, probably at the page http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/CurrentIssues.
-----Original Message-----
From: Dan L. Pierson [mailto:dan@sol.control.com]
Sent: Wednesday, September 06, 2000 10:14 AM
To: Chris Withers
Cc: Chris McDonough; T.J. Mannos; Marcus Mendes; zope@zope.org
Subject: Re: [Zope] re module & through the web security
Chris Withers writes:
Chris McDonough wrote:
There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry.
[snip]
It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted.
I think the re module is a good example for arguing that DTML and Python Methods should have different criteria for deciding what modules are available (and separate permissions for users, if they don't already).
Somehow, the idea of mixing regexps and DTML gives me chills, but I agree that it is a perfectly reasonable tool to want to use in Python Methods. This relates more to the crusade to deprecate DTML programming as opposed to DTML report writing than it does to security concerns.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
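The concern quoted in this thread is that a regex can tie up the interpreter thread it runs in, and a Python thread cannot be forcibly stopped from outside. One mitigation, shown here as an added example that is not from the thread or from Zope, is to run the untrusted search in a child process that is killed when it exceeds a time budget. `guarded_search`, `RegexTimeout` and the sample pattern and input are hypothetical names and constructed values.

```python
import json
import subprocess
import sys

# Child program: performs one search and reports the result as JSON.
_CHILD = (
    "import json, re, sys\n"
    "m = re.search(sys.argv[1], sys.argv[2])\n"
    "print(json.dumps(m.group(0) if m else None))\n"
)

# Constructed sample: nested quantifiers plus an input that cannot match,
# which forces the backtracking engine through an exponential search.
PATHOLOGICAL = r"(a+)+$"
SAMPLE = "a" * 40 + "b"


class RegexTimeout(Exception):
    """The search exceeded its time budget and the worker was killed."""


def guarded_search(pattern, text, timeout=2.0):
    """Run re.search(pattern, text) in a throwaway interpreter.

    Returns the matched string, or None when nothing matches. Raises
    RegexTimeout if the search does not finish within `timeout` seconds;
    subprocess.run() kills the child before raising, so no stuck worker
    is left behind.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD, pattern, text],
            capture_output=True, text=True, timeout=timeout, check=True,
        )
    except subprocess.TimeoutExpired:
        raise RegexTimeout(pattern) from None
    return json.loads(proc.stdout)


if __name__ == "__main__":
    print(guarded_search(r"z[a-z]+", "the zope list"))
    try:
        guarded_search(PATHOLOGICAL, SAMPLE, timeout=1.0)
    except RegexTimeout:
        print("search abandoned after 1 second")
```

Starting an interpreter per search is expensive; the point is only that the time limit is enforced from outside the code doing the matching.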