[Zope] XXX-PythonMethods caveats?
Tony McDonald
tony.mcdonald@ncl.ac.uk
Tue, 14 Mar 2000 08:42:57 +0000
Hi all,
I'm using Evan Simpsons' XXX-PythonMethods with great results (after
a few false starts due to my ignorance!). However, in Guarded.py we
have the following;
# BEWARE OF THE LEOPARD!
# Set 'do_XXX' true to allow creation of XXXPythonMethods
# and ADD A MASSIVE GAPING SECURITY HOLE to Zope.
# DON'T DO THIS unless you use secure connections for ALL OF
# YOUR ADMINISTRATION or are RECKLESS and/or FEARLESS.
# Even if you DON'T create ANY XXXPythonMethods, just turning this
# on will PUT YOU AT RISK BIGTIME!
Of course, I then set
do_XXX=1 :)
I only ever run my Zope servers under a non-priviledged account.
Can anyone explain what sort of leopards I should look out for, as I
can see that I'd want to use XXX-PythonMethods for a lot more things.
Tone
ps the icon for the XXX-PythonMethod object is way cool! :)
------
Dr Tony McDonald, FMCC, Networked Learning Environments Project
http://nle.ncl.ac.uk/
The Medical School, Newcastle University Tel: +44 191 222 5888
Fingerprint: 3450 876D FA41 B926 D3DD F8C3 F2D0 C3B9 8B38 18A2