[Zope] ANNOUNCE: EXPERIMENTAL DTML Syntax change

Jim Fulton jim@digicool.com
Tue, 15 Jun 1999 09:47:59 -0400


Tom Jenkins wrote:
> 
> >   - This does not address the desire for a nicer through-the-web scripting
> >     language for Zope.  We intend to provide the ability to build Python methods
> >     through the web that are as safe (from a security point of view) as existing
> >     DTML methods.
> >
> Eeek!  If you do provide the ability to build Python methods through the
> web, please include a way for us to NOT ALLOW this. 

OK.  We can make it a product that you choose not to install.

> Or better yet, let
> us know exactly where this module is in the code base so we could
> replace it with empty stubs <g>.  I worry enough without the added
> thoughts that someone could crack open zope and shovel in python
> code.

Remember that we said that this would be just *as safe as DTML*:

  - Every object access would be checked against the security 
    machinery, as is done now in DTML expressions,

  - There will be guards against infinite loops and other sorts
    of accidents or attacks that cause loss of service.

Jim

--
Jim Fulton           mailto:jim@digicool.com   Python Powered!        
Technical Director   (888) 344-4332            http://www.python.org  
Digital Creations    http://www.digicool.com   http://www.zope.org    

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list without my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.
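
The two guarantees listed in the message above, sketched as an added example (not Zope's code and not part of the original post): attribute reads are rewritten to pass through a security check, and every loop iteration is counted against a limit. `Guard`, `run_restricted`, `Document` and `POLICY` are hypothetical names, and the sketch covers only these two guards, not a complete sandbox.

```python
import ast

class AccessDenied(Exception): pass
class LoopLimitExceeded(Exception): pass

class Guard(ast.NodeTransformer):
    """Route attribute reads through _getattr_ and count every loop iteration."""
    def visit_Attribute(self, node):
        self.generic_visit(node)
        if not isinstance(node.ctx, ast.Load):
            raise AccessDenied("attribute assignment/deletion is not allowed")
        call = ast.Call(func=ast.Name(id="_getattr_", ctx=ast.Load()),
                        args=[node.value, ast.Constant(value=node.attr)], keywords=[])
        return ast.copy_location(call, node)

    def _count_loop(self, node):
        self.generic_visit(node)
        tick = ast.Call(func=ast.Name(id="_tick_", ctx=ast.Load()), args=[], keywords=[])
        node.body.insert(0, ast.Expr(value=tick))
        return node
    visit_While = visit_For = _count_loop

def run_restricted(source, bindings, allowed, max_ticks=10_000):
    """Run `source`; `allowed` maps a type to the attribute names it exposes."""
    tree = ast.parse(source)
    for node in ast.walk(tree):  # user code may not name or rebind the guards
        for field in ("id", "name", "arg", "asname"):
            ident = getattr(node, field, None)
            if isinstance(ident, str) and ident.startswith("_"):
                raise AccessDenied(f"name {ident!r} is reserved")
    ticks = 0
    def _getattr_(obj, name):  # the per-access security check
        if name.startswith("_") or name not in allowed.get(type(obj), ()):
            raise AccessDenied(f"{type(obj).__name__}.{name}")
        return getattr(obj, name)
    def _tick_():  # the loss-of-service guard
        nonlocal ticks
        ticks += 1
        if ticks > max_ticks:
            raise LoopLimitExceeded(f"over {max_ticks} loop iterations")
    tree = ast.fix_missing_locations(Guard().visit(tree))
    env = {"__builtins__": {}, "_getattr_": _getattr_, "_tick_": _tick_, **bindings}
    exec(compile(tree, "<through-the-web>", "exec"), env)
    return env.get("result")

class Document:  # constructed sample object, not a Zope class
    def __init__(self):
        self.title, self.owner_password = "Release notes", "s3cret"

POLICY = {Document: {"title"}}  # constructed policy: only `title` is readable
```

Reading `doc.title` succeeds under `POLICY`, while `doc.owner_password`, `doc.__class__`, an attempt to rebind `_tick_`, and `while 1: pass` each stop with `AccessDenied` or `LoopLimitExceeded`.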