[Zope] Security and responsibility
Dieter Maurer
dieter@handshake.de
Sun, 16 Jun 2002 22:37:28 +0200
Chris McDonough writes:
> With regards to the restrictions on certain Python functions within
> Zope, eval is definitely a no-no (as you could cause code to be executed
> that you otherwise would not have privileges to execute, perhaps
> something like "eval('context.Control_Panel.manage_shutdown()')").
But Zope could expose safe versions of a set of urgently missing
functions, for example:

  has_attribute(obj,attr) (defined as "hasattr(aq_base(obj),attr)")
  safe_eval (implemented the same way as evaluation in DTML or Page Template)
> But
> I'm afraid I can't actually think up a scenario where deepcopy or copy
> would cause problems.
What about when I try to "deepcopy" the application root?
I can imagine that this operation is quite a big load for a large
Zope site.
Dieter
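
Added example, not part of the original message and not Zope's own code: a sketch of why has_attribute is defined through aq_base. The Wrapper class is a simplified stand-in for Zope's acquisition wrappers (an assumption, not the real Acquisition package), and Folder, Document, site_title and demo are hypothetical names.

```python
class Wrapper:
    """Simplified acquisition wrapper: attributes missing on the wrapped
    object are looked up on the containing (parent) object."""

    def __init__(self, obj, parent):
        # Write to __dict__ directly so our own __getattr__ is not involved.
        self.__dict__["_obj"] = obj
        self.__dict__["_parent"] = parent

    def __getattr__(self, name):
        # Called only when normal lookup on the wrapper itself fails.
        try:
            return getattr(self._obj, name)
        except AttributeError:
            if self._parent is None:
                raise
            return getattr(self._parent, name)  # acquired from the container


def aq_base(obj):
    """Strip all wrappers and return the bare object."""
    while isinstance(obj, Wrapper):
        obj = obj.__dict__["_obj"]
    return obj


def has_attribute(obj, attr):
    """True only if the object itself has attr, ignoring acquired attributes."""
    return hasattr(aq_base(obj), attr)


class Folder:
    pass


class Document:
    pass


def demo():
    # Constructed sample objects: a document inside a root folder.
    root = Folder()
    root.site_title = "Example site"  # exists on the container only
    doc = Document()
    doc.title = "Example document"    # exists on the document itself
    wrapped = Wrapper(doc, Wrapper(root, None))
    return {
        "hasattr_acquired": hasattr(wrapped, "site_title"),
        "has_attribute_acquired": has_attribute(wrapped, "site_title"),
        "has_attribute_own": has_attribute(wrapped, "title"),
    }
```

In this model plain hasattr answers True for site_title because the lookup falls through to the container, while has_attribute answers False.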