[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython
Philipp von Weitershausen
philipp at weitershausen.de
Mon Nov 19 13:33:43 EST 2007
Chris Withers wrote:
> Tres Seaver wrote:
>> Both are. RestrictedPython is still used in Zope2.
>
> Ah, so RestrictedPython is actually what's used for Script (Python)'s in
> current Zope 2 releases?
Yes, it's a low-level compiler for Python code that replaces certain
operations such as getattr with respective guards. You'll have to
provide such guards, though. "Script (Python)" is based on
Shared.DC.Scripts which implements such guards that do checks based on
AccessControl.
It looks like zope.security.untrustedpython integrates RestrictedPython
with zope.security.
> I think RestrictedPython is also "used" (ie: bundled with) Zope 3 given
> the comments, for example,here:
>
> http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/Eval.py?rev=76322&view=auto
Yup, it's bundled and since Zope 2 and 3 were in different trees, we had
a small fork that was reunited in that checkin.
> So, I'm guessing RestrictedPython is the one to aim for?
No idea what you need...
More information about the Zope-Dev
mailing list