[Zope] manage_addPythonScript

Dieter Maurer dieter@handshake.de
Fri, 16 May 2003 21:49:05 +0200


Charles Zealey wrote at 2003-5-15 23:45 +0100:
 >            Thank you.  I think I was 90% there but that's failure!  Can you
 > tell me if my failure to access PythonScript due to file permissions, role
 > security attributes, or Zope paranoia (need to use external method??)?

Most Python modules are dangerous (when exposed to the Web).
They must not be imported by untrusted code.

Beginning with Zope 2.2, Zope.com changed policy.
Formerly, everything not explicitly forbidden was allowed.
Now, everything not explicitly allowed is forbidden.

As a consequence, you have a very limited set of modules
you can import. Many harmless modules are not importable
because nobody took the time to proof they are indeed harmless.

Reading "PythonScripts/README.txt", you can find out,
how you can declare for your Zope installation that you
are sure that a module is harmless and can be imported.

 > It  certainly does not fail cleanly and I have raised the bug.

Fine.


Dieter