[Zope] Python Script Problem

Jason Cunliffe jasonic@nomadicsltd.com
Thu, 19 Apr 2001 09:17:38 -0400


From: "Chris Withers" <chrisw@nipltd.com>
> > There ought to be an environment
> > variable, off by default for these particular "security" measures.
>
> Either that or a permission or something, which would be more flexible.
> Could something similar be added to so something like:
> 'I trust this user to only import sensible modules'
> ...so that we don't have to go through pain every time someone needs
access to a
> standard python module (like re for example ;-)

Yes, it is shame to not have import more accessible in Scripts(Python)
PythonMethods has the XXX flag in 'Guarded.py'

# BEWARE OF THE LEOPARD!
# Set 'do_XXX' true to allow creation of XXXPythonMethods
#
do_XXX = 0
..etc..

This seems reasonable if raw to me. One could factor out the XXX flag into a
separate External Python Method so advanced users one could more cleanly and
finely set conditions for it without disturbing the default installed code.
That way people could build permission-oriented DTML or whatever on top of
the XXX.py External Method.

It's probably way more complicated than this.. just my 0.02

--Jason
___________________________________________________________
Jason CUNLIFFE = NOMADICS['Interactive Art and Technology']