What I am trying to do is to build a Lotus Domino-like toolkit under Zope/Plone, so basically my product allows people to build their own groupware-oriented business applications directly from the Plone user interface (by designing forms, views, etc...).
<br><br>One important aspect is the ability to create custom action buttons or custom scheduled agents to automate some basic processes over the managed content.<br><br>As I do not plan to develop my own script language to do it, I thought I could use directly Python, and run it using exec.
<br><br>And yes, it would be insane if it was not controlled and restricted. That is precisely what I am working on.<br><br>Eric BREHAULT<br><a href="http://www.brehault.net/plomino/">http://www.brehault.net/plomino/</a><br>
<br><div><span class="gmail_quote">On 3/15/07, <b class="gmail_sendername">Jens Vagelpohl</b> <<a href="mailto:jens@dataflake.org">jens@dataflake.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br><br>On 15 Mar 2007, at 21:19, Eric Bréhault wrote:<br>> What would you recommend ? What is the 'official' way to run an<br>> untrusted python code with exec and control what this code can do
<br>> or not ?<br><br>There is no official way because running untrusted code with "exec"<br>is an insane proposition.<br><br>jens<br><br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.5 (Darwin)<br>
<br>iD8DBQFF+bmzRAx5nvEhZLIRArJQAJ9pyWSElVLIzfJJrA1V95gAem7+FwCgthjU<br>KIBdb/VcWDlWfC0Tzc4dJ2g=<br>=gVBx<br>-----END PGP SIGNATURE-----<br>_______________________________________________<br>Zope maillist - <a href="mailto:Zope@zope.org">
Zope@zope.org</a><br><a href="http://mail.zope.org/mailman/listinfo/zope">http://mail.zope.org/mailman/listinfo/zope</a><br>** No cross posts or HTML encoding! **<br>(Related lists -<br> <a href="http://mail.zope.org/mailman/listinfo/zope-announce">
http://mail.zope.org/mailman/listinfo/zope-announce</a><br> <a href="http://mail.zope.org/mailman/listinfo/zope-dev">http://mail.zope.org/mailman/listinfo/zope-dev</a> )<br></blockquote></div><br>