[Zope] re module & through the web security
Chris McDonough
chrism@digicool.com
Wed, 6 Sep 2000 11:17:02 -0400
If you're concerned about the availability of various modules within
PythonMethods, you should participate in the PythonMethods project wiki,
probably at the page
http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/CurrentIssues.
> -----Original Message-----
> From: Dan L. Pierson [mailto:dan@sol.control.com]
> Sent: Wednesday, September 06, 2000 10:14 AM
> To: Chris Withers
> Cc: Chris McDonough; T.J. Mannos; Marcus Mendes; zope@zope.org
> Subject: Re: [Zope] re module & through the web security
>
>
> Chris Withers writes:
> > Chris McDonough wrote:
> > > There's the perception at DC that
> > > 're' isn't appropriate for through-the-web usage because it's possible to
> > > write and use regex that sends the Python interpreter thread it's
> > > operating within into a neverending loop. Sorry.
>
> [snip]
>
> > It seems like that perception is hobbling Python Methods, in particular,
> > by removing useful stuff like the re module because the assumption is
> > being made that people editing TTW code will be untrusted.
>
> I think the re module is a good example for arguing that DTML and
> Python Methods should have different criteria for deciding what
> modules are available (and separate permissions for users, if they
> don't already).
>
> Somehow, the idea of mixing regexps and DTML gives me chills, but I
> agree that it is a perfectly reasonable tool to want to use in Python Methods.
> This relates more to the crusade to deprecate DTML programming as opposed
> to DTML report writing than it does to security concerns.
>
>
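Added example, not part of the original thread and not Zope code: the concern quoted above is that a regex supplied through the web can keep an interpreter thread busy indefinitely, and a thread stuck inside a match cannot be cancelled from Python. The sketch below runs the match in a child interpreter that is killed when a time budget expires; `bounded_search`, `_CHILD` and the sample pattern and inputs are hypothetical names and constructed values.

```python
import subprocess
import sys

# Hypothetical helper for illustration; not part of Zope or PythonMethods.
# Child program: search argv[2] with the pattern in argv[1] and report the result.
_CHILD = (
    "import re, sys\n"
    "m = re.search(sys.argv[1], sys.argv[2])\n"
    "print('match' if m else 'nomatch')\n"
)


def bounded_search(pattern, text, timeout=2.0):
    """Run re.search(pattern, text) in a separate interpreter process.

    Returns 'match', 'nomatch', 'timeout' (budget exceeded, child killed)
    or 'error' (for example, the pattern did not compile).
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD, pattern, text],
            capture_output=True,
            text=True,
            timeout=timeout,  # subprocess.run kills the child on expiry
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode != 0:
        return "error"
    return proc.stdout.strip()


if __name__ == "__main__":
    # Constructed inputs. The nested quantifier backtracks exponentially
    # when the trailing character prevents the overall match.
    samples = [
        (r"\d+", "port 8080"),
        (r"(a+)+$", "a" * 40 + "!"),
        ("(", "unbalanced pattern"),
    ]
    for pattern, text in samples:
        print(repr(pattern), "->", bounded_search(pattern, text))
```

The cost is one interpreter start per call, so the isolation boundary belongs around a whole untrusted script run rather than around each individual match.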