[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/AccessControl
- ZopeGuards.py:1.13
Chris Withers
chrisw@nipltd.com
Tue, 17 Dec 2002 20:53:39 +0000
Martijn Pieters wrote:
> On Tue, Dec 17, 2002 at 07:46:18PM +0000, Chris Withers wrote:
>
>>But you can already import arbitary modules if you dump them in the
>>Products directory. Is that dangerous?
>
> The point is that untrusted users can cause imports.
But they can do that anyway, just by dumping a package in the Products directory.
> Only admins can cause
> packages to be placed in Products; your change allows *any* package to be
> imported.
But only 'admins' can install packages...
Chris