[Zope] Storing DTML in SQL
Richard Harley
richard at scholarpack.com
Wed Aug 18 12:43:26 EDT 2010
On 18/08/10 17:38, Andrew Milton wrote:
> +-------[ Garry Saddington ]----------------------
> | Andrew Milton wrote:
> |> +-------[ Garry Saddington ]----------------------
> |> | Garry Saddington wrote:
> |> |> Justin Dunsworth wrote:
> |> |>> I am currently working on a project where I am storing HTML within a
> |> |>> MySQL database to display dynamic pages and content in sequences. I
> |> |>> would like to be able to store DTML within the tables as well and be
> |> |>> able to call them within the page to display that content. I tried
> |> |>> mixing the DTML in with the HTML and it shows the HTML correctly but no
> |> |>> DTML.
> |> |>>
> |> |>> Is it possible to even do this? Are there other suggestions on how to go
> |> |>> about this?
> |> |>
> |> |> The closest I have found is on Zopelabs
> |> |> (http://www.zopelabs.com/cookbook/1078612026)
> |> |
> |> | Sorry, wrong recipe, try this:
> |> |
> |> | http://www.zopelabs.com/cookbook/993850737/1011691351
> |>
> |> Do I really have to explain why that particular recipe is a bad idea? d8)
> |>
> | Just trying to be helpful. I did say that it was the only thing I can
> | find and I did not recommend it.
> | If you would care to share the problems of the recipe on the list then I
> | am sure all those reading who are new to Zope would benefit;)
>
> Since Python scripts are web callable and something has to be passed
> in... The phrase "execute arbitrary code" is nearly always quickly
> followed by the phrase "remote exploit" and lots of sad faces (and
> then some finger pointing d8)
>
>
If that is the case, aren't all Python scripts within Zope potentially
exploitable?