[Zope] Zope+Python source-code security

[Paul Erickson]

Pawel Lewicki wrote:

>>What will you use if you don't use Zope?
>>    
>>
>
>The task is to build an application with www front-end building structure in
>xml (not necessarily) and building dynamic sql queries. It should run on
>many platforms (Windows/Unix). I have no experience with scripting languages
>except for VB so the effort taken to get experience with any chosen platform
>would be comparable. The problem is that the number of supported solutions
>given in Python and Zope would allow to focus on software architecture not
>low level programming.
>What would you suggest?
>
>Pawel Lewicki
>  
>
I've never been involved in a project where the client wasn't allowed to 
see the source code...

It sounds like you need to use something that is both compiled and not 
decompileable.  This eliminates Java, Python, PHP, Perl, ruby.  It 
probably also eliminates .Net - you could ship just the intermediate 
language stuff, but then they could see and possibly modify that.

In my world, that leaves you with C and C++, which aren't real great for 
web development, because of development time and potential core dumps.

I suppose that you could write a few python extensions in C/C++ that do 
some critical database access or some core business logic, that would 
return python structures to Zope for formatting/display.

Sounds like a tough position to be in.

Good luck,

-Paul