[Zope] Management interface for Extensions/Import folder

Juergen R. Plasser / Hexagon plasser@hexagon.at
Mon, 11 Mar 2002 16:46:59 +0100


On Mon, 11. M=E4rz 2002 10:05 -0500 Joel Burton <joel@joelburton.com> =
wrote:

> Python Extensions can execute without *any* security checks (unlike
> Zope's PythonScripts). Being able to edit them through-the-web would be
> more risky, as a mistake in your Zope permissions would let someone
> execute arbitrary code not just in Zope-land, but on your actual =
computer.
>
> I'd think about this before implementing anything.

Ok, that's right! I didn't mind security reasons...
But for any object in Zope it is true that a mistake in the permissions=20
could be risky. I have to admit that then the risk is more located in=20
Zope-land.

--
Juergen Plasser
plasser@hexagon.at