[Zope] - Where do I put source code files???

Jim Fulton jim.fulton@digicool.com
Fri, 22 Jan 1999 13:06:12 -0500 

Bruce Perens wrote:
> 
> They tell me they don't want to put python code in the object database.
> Just why should be put on the zope web site.

This is a little hard to respond to, since "python code in the object 
database" could mean a lot of different things. The narrow notion of
storing source code in the database is a little problematic, since it 
would make transport of database files *even more* of a security issue 
than it is now.  The existing worry about the power of pickles is
one of the reasons (other than time :) why we've avoided making things 
like export/import and "replication" more convenient.  Knowing that
Python source code might be transported in pickles would tend to 
make us (me?) even more paranoid.  Of course, there's nothing
preventing anyone from storing Python source in the database now, so
offiecilly sanctioning it would not be much of a step. :)

Now, presumably, people don't *just* want to store python code
in the database.  They also want to edit it through the web.
Would such methods be subject to restrictions, like DTML is?
I presume so.  I'm not opposed to this, but someone would need
to at least extensd the security machinery used for DTML 
expressions to full Python code.  (Restricted execution is not 
enough IMO.)  Note that one of the useful things about 
ExternalMethods is that they aren't subject to the security 
rules now.

Then again, one might have a development environment that
was more closed, and therefore secure for editing Python
code that was stored in the database.

Some people might want to store module and class definitions 
in the  database or import from the database.  This could be pretty 
cool, if done well. I'm not opposed to it in principle.

Jim

--
Jim Fulton           mailto:jim@digicool.com
Technical Director   (888) 344-4332              Python Powered!
Digital Creations    http://www.digicool.com     http://www.python.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.