[Zope] Python Method

Farzad Farid farzy@via.ecp.fr
Thu, 10 Feb 2000 14:48:25 +0100


On Thu, Feb 10, 2000, Phil Harris wrote:
> To my understanding the security model applied to Python Methods does not
> allow you to access files that sit on the 'real' filesystem.
> 
> It would be a *huge* security hole to allow this.
> 
> You are going to have to use an external method to accomplish what you
> desire.
> 

Or, if you are reckless, you can edit the file
lib/python/Products/PythonMethod/Guarded.py and set 'do_XXX' to
1. After you restart Zope you'll have a new object called 'XXX Python
Method' that can use the 'open' and 'import' functions, among other
benefits. This method seems a bit dangerous but I needed it.

The problem is that the PythonMethod product gives you all or nothing
depending on this variable, there is no intermediate security level.

-- 
Farzad FARID <farzy@via.ecp.fr>
Ingénieur Informatique Libre
Alcôve - http://www.alcove.fr/