Hi, I have a need to generate an md5 hash for an XML fragment generated by TTW Zope code. I thought I could do this with "allow_module" - I have a pseudo-product with an __init_,py that contains: - # Global module assertions for Python scripts from Products.PythonScripts.Utility import allow_module allow_module("md5") In my TTW python script, I have: - import md5 hash=md5.new() hash=hash.update('test') ...but when I execute the script I get: - Error Type: Unauthorized Error Value: The container has no security assertions. Access to 'update' of (md5.md5 object at 0xb98ab00) denied. I'm basing this on: - http://www.zope.org/Documentation/Books/ZDG/current/Security.stx ...specifically the section entitled " Utility Functions For Allowing Import of Modules By Through The Web Code". I thought I understood this, and have used it with other Python modules, but based on what is happening with the md5 module, I obvioulsy don't! Can someone clue me in, or point me towards more recent or explicit documentation, please? -- Cheers, Philip
--On 7. Januar 2008 21:10:32 +0000 Running Clam <running.clam@gmail.com> wrote:
Hi,
I have a need to generate an md5 hash for an XML fragment generated by TTW Zope code.
Error Type: Unauthorized Error Value: The container has no security assertions. Access to 'update' of (md5.md5 object at 0xb98ab00) denied.
I'm basing this on: -
http://www.zope.org/Documentation/Books/ZDG/current/Security.stx
...specifically the section entitled " Utility Functions For Allowing Import of Modules By Through The Web Code".
I thought I understood this, and have used it with other Python modules, but based on what is happening with the md5 module, I obvioulsy don't!
FAQ! allow_module() does not work with all and everything. Use an external method or a browser view instead or move your code into your zope product code (if you have one). -aj
Running Clam wrote at 2008-1-7 21:10 +0000:
I have a need to generate an md5 hash for an XML fragment generated by TTW Zope code.
I thought I could do this with "allow_module" - I have a pseudo-product with an __init_,py that contains: -
# Global module assertions for Python scripts from Products.PythonScripts.Utility import allow_module allow_module("md5")
An "allow_module" allows import of the module and all its content. It does not in general allow to use the objects inside the module. For example, to use class instances for classes defined in the module, the class must provide its own security declarations which control in what way the instances can be used. In your case, the module contains special types. You need an "allow_type" for each of these types to be able to use them. -- Dieter
participants (3)
-
Andreas Jung -
Dieter Maurer -
Running Clam