[Zope] re module & through the web security

Tino Wildenhain tino@wildenhain.de
Wed, 06 Sep 2000 13:48:35 +0200


Hi,

Chris Withers wrote:
> 
> Chris McDonough wrote:
> > There's the perception at DC that
> > 're' isn't appropriate for through-the-web usage because it's possible to
> > write and use regex that sends the Python interpreter thread it's
> > operating within into a neverending loop.  Sorry.
> 
> Am I the only one who thinks this is silly?
> 
> One of Zope's key strengths is its granular security, right?
> So why isn't it the responsibility of the site
> designer/maintainer/owner/whatever to ensure that only people he trusts
> have the ability to write DTML?
> 
> It seems like that perception is hobbling Python Methods, in particular,
> by removing useful stuff like the re module because the assumption is
> being made that people editing TTW code will be untrusted.
> 
> IMH(umble), either you don't have confidence in Zope's security, or
> you're assuming your users are stupid (that may be fair for a lot of us,
> but still ;-)
> 
> Comments? :-)
> 
I think the granularity could be finer. If one could give some users
access to more 'risky' modules and some not, it should be sufficient.

I should write a proposal for thru the web python products... *g*

Greetings
Tino
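
An added example, not part of the original thread and not Zope code: a sketch of the two ideas discussed above, granting 're' per role and bounding a user-supplied pattern by wall-clock time. The role names, `ROLE_MODULES`, `may_use` and `guarded_search` are hypothetical; the match runs in a child interpreter because a thread stuck inside the regex engine cannot be stopped from outside.

```python
import json
import subprocess
import sys

# Hypothetical role -> importable-module map (names are assumptions, not Zope's).
ROLE_MODULES = {"Manager": {"re", "string"}, "Author": {"string"}}

# Child program: the match runs in its own interpreter, so a runaway
# pattern can be killed without hanging a thread of the server process.
_CHILD = (
    "import json, re, sys\n"
    "req = json.load(sys.stdin)\n"
    "m = re.search(req['pattern'], req['text'])\n"
    "json.dump(m.group(0) if m else None, sys.stdout)\n"
)


class RegexTimeout(Exception):
    """The pattern did not finish within its time budget."""


def may_use(role, module):
    """True if the role has been granted the module."""
    return module in ROLE_MODULES.get(role, set())


def guarded_search(role, pattern, text, budget=2.0):
    """re.search for a through-the-web caller, gated by role and wall-clock time."""
    if not may_use(role, "re"):
        raise PermissionError(f"role {role!r} is not granted the 're' module")
    request = json.dumps({"pattern": pattern, "text": text})
    try:
        proc = subprocess.run([sys.executable, "-c", _CHILD], input=request,
                              capture_output=True, text=True, timeout=budget)
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed the child at this point.
        raise RegexTimeout(f"pattern exceeded {budget}s budget") from None
    if proc.returncode != 0:
        raise ValueError("pattern rejected by the re module")
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # Constructed inputs: one ordinary pattern, one with nested quantifiers.
    print(guarded_search("Manager", r"\d+", "port 8080"))
    try:
        guarded_search("Manager", r"(a+)+$", "a" * 64 + "!", budget=1.0)
    except RegexTimeout as exc:
        print("stopped:", exc)
```

Starting an interpreter per match is slow; the point is only that the time limit is enforced from outside the thread doing the matching.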