[Zope] Regular expressions insecurity?
Tue Wennerberg
tue@wennerberg.dk
Tue, 21 Jan 2003 22:26:32 +0100
Paul Winkler wrote:
>
> The point is that *any* module you import in zope ttw code must
> have certain security assertions, or you'll be denied access
> when you try to run the script. Allowing re to be imported
> would require writing a python wrapper to the re module (which is
> in C), and adding these security assertions to the wrapper.
> Nobody has taken the time to do this and post it publically.
>
> It doesn't matter if the module is deemed a security risk
> or not. No security assertions? Import is not allowed
> except in External Methods and filesystem Products. No exceptions.
Excellent! Thank you for your precise answer! That's the piece of
information I didn't have!
Regards,
Tue Wennerberg
Civilingeniør og Freelance Udvikler
http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735