[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython
Chris Withers
chris at simplistix.co.uk
Thu Nov 22 09:48:31 EST 2007
Dieter Maurer wrote:
> Chris Withers wrote at 2007-11-20 23:55 +0000:
>> Dieter Maurer wrote:
>>> You execute their code in a "globals" the "__builtins__" of which
>>> contains precisely the builtins you want to give them.
>> unfortunately that still leaves the import problems, correct?
>
> The "import" "command" is mapped to the "__import__" builtin.
>
> Thus, changing the "__import__" builtin....
Ah, fantastic, so if I supply a very limited namespace to the
environment, with my own __builtins__ and __import__, and where all
objects I worry about are proxied, I should be okay not to use
restricted python at all?
If so, that would be uber cool :-)
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list