[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/AccessControl - ZopeGuards.py:1.13
Martijn Pieters
mj@zope.com
Tue, 17 Dec 2002 17:22:12 -0500
On Tue, Dec 17, 2002 at 04:18:47PM -0500, Ken Manheimer wrote:
> > How does Zope find these declarations?
> > Answer: by importing the module.
>
> That's not the whole story. A module need not make its own security
> declarations - other modules can do so (using eg ModuleSecurityInfo).
> So you can put something in your product to enable import of modules
> not part of your product.
Moreover, one can also have trusted code import the module, as I stated
earlier in the thread.
So, if you create a seperate External Method, or a module to be put in the
Products directory, that imports your Strip-O-Gram module, the security
declarations also get executed *before* untrusted code needs to import it.
--
Martijn Pieters
| Software Engineer mailto:mj@zope.com
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
---------------------------------------------