[Zope] build a safe proxy

Eric Bréhault ebrehault at gmail.com
Fri Mar 16 04:18:10 EDT 2007


What I am trying to do is to build a Lotus Domino-like toolkit under
Zope/Plone, so basically my product allows people to build their own
groupware-oriented business applications directly from the Plone user
interface (by designing forms, views, etc...).

One important aspect is the ability to create custom action buttons or
custom scheduled agents to automate some basic processes over the managed
content.

As I do not plan to develop my own script language to do it, I thought I
could use directly Python, and run it using exec.

And yes, it would be insane if it was not controlled and restricted. That is
precisely what I am working on.

Eric BREHAULT
http://www.brehault.net/plomino/

On 3/15/07, Jens Vagelpohl <jens at dataflake.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On 15 Mar 2007, at 21:19, Eric Bréhault wrote:
> > What would you recommend ? What is the 'official' way to run an
> > untrusted python code with exec and control what this code can do
> > or not ?
>
> There is no official way because running untrusted code with "exec"
> is an insane proposition.
>
> jens
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iD8DBQFF+bmzRAx5nvEhZLIRArJQAJ9pyWSElVLIzfJJrA1V95gAem7+FwCgthjU
> KIBdb/VcWDlWfC0Tzc4dJ2g=
> =gVBx
> -----END PGP SIGNATURE-----
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20070316/a3fe22e6/attachment.htm


More information about the Zope mailing list