[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

Martijn Faassen faassen at startifact.com
Tue Nov 20 05:48:19 EST 2007


Hi there,

On Nov 20, 2007 11:24 AM, Chris Withers <chris at simplistix.co.uk> wrote:
[snip]
> > Traditional Zope 2 doesn't work that way: as soon as you make a call
> > from your Python script, the underlying code that is being called is
> > trusted. No proxies anywhere (well, except the ubiquitous acquisition
> > proxies..).
>
> Indeed, sometimes this is handy, sometimes it causes problems...

There will be a problem if proxies get into subsystems without any
security declarations. Most security policies should forbid access in
that case.

You might be surprised how many things you'll need to add security
declarations for. In my experience this seriously kills development
speed early on in the project.

Regards,

Martijn


More information about the Zope-Dev mailing list