[Zope] XXX-PythonMethods caveats?

Evan Simpson evan@4-am.com
Wed, 15 Mar 2000 09:51:17 -0500


----- Original Message -----
From: Tony McDonald <tony.mcdonald@ncl.ac.uk>
> <sigh>
> Ok, I probably shouldn't use them then.
> </sigh>

Don't let me discourage you too much.  If you can isolate your Zope, you're
pretty safe.  That means a private or development installation only.  If you
are the only person allowed to touch the management interface, and you
really bite the bullet and do all of your administration through SSL, you
*might* be safe in production.

> But (you knew there was going to be a but :). They are *so* useful.
[snip]
> Which is fair enough as the docs on the Zope site say import is
> controlled. Can you please be a bit more explicit and let me know
> *what* I can import? The Python code is a bit over my head...

Right now, they are controlled into oblivion; I have vague plans to allow
some sort of safe import, but no clear idea what would truly be safe other
than trivial "you can use import as another way to spell x = self.foo"
stuff.

> <compromise>
> Would you say that you could use a XXX PythonMethod to debug code
> that is going to become an External Method?
> </compromise>

That should work well.  XXXPythonMethods and External Methods have very
similar semantics.

Cheers,

Evan @ digicool & 4-am