[Zope-dev] DTML Syntax contd. + rant + summary

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Fri, 12 Nov 1999 09:35:34 +1100 (EST)


On Thu, 11 Nov 1999, Evan Simpson wrote:

> The latest release of the PythonMethod Product has two kinds of
> PythonMethod: regular and XXX.  A switch in the source code allows you to
> turn "XXXPythonMethod"s on and off, and they are off by default.  XXXPMs are
> wild, unsafe, and unrestricted, with (lack of) security equivalent to
> External Methods.  The only limit on them (under *nix, anyway) is that
> they're likely to be running as user "nobody".  Regular PMs, on the other
> hand, are meant to be completely safe, and subject to all the same
> restrictions as DTML, although this goal has not yet been achieved.  Any
> holes in regular PM security, however, only give improper access to Zope
> objects, *not* the system at large.

Is this using r_exec and Bastion from Python? Or do you have to roll
your own?

> > Question: Is there a way we can reconcile these two conflicting
> > drives?  If some solution can be found, then maybe PythonMethods could
> > be added to the products that come with basic Zope.  Suggestions?
> 
> The DC folks have started talking with me about this.  I'm optimistic.


My summary of the thread so far would be along the lines of:

    Magic sequence- variables need to have aliases of sequence_ (everyone
    rabidly agrees on this). Strangely enough, no one has owned up to
    actually implementing the '-' variables, most likely as they are
    afraid of being lynched.

    Program code should not be embedded in the Reporting language.

    DTML sucks when used beyond its intended scope as a Reporting language.
    The ability to program in DTML should be discouraged or possibly
    deprecated.

    DTML is constantly being used beyond its intended scope, as there
    is no way to program Zope without resorting to External methods or
    Python Products with their various caveats. In particular, there
    is no way of running program code in a sandbox without using DTML
    which means all Zope programmers need to be given effective full
    control over the Zope installation.

    PythonMethods is available now and could fill the void if it is
    integrated with the Zope distribution. Work will need to be
    done proving that Python Methods opens no security concerns not
    already valid with DTML.

> > 2) Perhaps they could use the rexec module or Zope's existing sandbox
> > to run their code (but would the sandbox limit their usefulness? --
> > maybe not, if you take the attitude that serious Python code should
> > still be in a product or ExternalMethod).

Until program code can be implemented using the web interface and
run securely in a sandbox, DTML will continue to be abused.

 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen