[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython
Dieter Maurer
dieter at handshake.de
Tue Nov 20 14:33:20 EST 2007
Chris Withers wrote at 2007-11-20 10:21 +0000:
>Philipp von Weitershausen wrote:
>>> Indeed, but how do you prevent importing and insecure builtins like
>>> "open" without RestrictedPython?
>>
>> Well, they can only use the builtins you give them, right?
>
>Hmm, not sure what you mean by this? How do you choose what builtins to
>give them?
You execute their code in a "globals" the "__builtins__" of which
contains precisely the builtins you want to give them.
--
Dieter
More information about the Zope-Dev
mailing list