[Checkins] SVN: zope2docs/trunk/zope2book/ Change some of the wording, to make it clearer that restricted scripts don't protect you from malicious users.
hannosch at hannosch.eu
Thu Oct 28 08:58:41 EDT 2010
Log message for revision 118002:
Change some of the wording, to make it clearer that restricted scripts don't protect you from malicious users.
--- zope2docs/trunk/zope2book/BasicObject.rst 2010-10-28 12:57:38 UTC (rev 118001)
+++ zope2docs/trunk/zope2book/BasicObject.rst 2010-10-28 12:58:41 UTC (rev 118002)
@@ -380,8 +380,10 @@
restricted Python modules, and that they cannot directly access files on
your file system. This is a security feature, as it allows site
administrators to safely delegate the ability to create logic in Python to
-untrusted or "semi-trusted" users. For more information about Zope's
-security features, see `Users and Security <Security.html>`_.
+less knowledgeable users. The security restrictions aren't stringent enough
+to prevent malicious users from damaging the system. They are only meant as
+a safety belt beginners. For more information about Zope's security features,
+see `Users and Security <Security.html>`_.
Creating a Script (Python)
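Review bot: The added line "+a safety belt beginners." is missing a word and should read "a safety belt for beginners". Separately, the unchanged context above still says "This is a security feature, as it allows site administrators to safely delegate", which now sits directly before a sentence stating that the restrictions cannot stop malicious users. Consider rewording that context sentence as well (for example dropping "safely") so the paragraph does not promise what its next sentence withdraws.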
--- zope2docs/trunk/zope2book/ScriptingZope.rst 2010-10-28 12:57:38 UTC (rev 118001)
+++ zope2docs/trunk/zope2book/ScriptingZope.rst 2010-10-28 12:58:41 UTC (rev 118002)
@@ -1106,13 +1106,13 @@
Security Restrictions of Script (Python)
-Scripts are restricted in order to limit their ability
-to do harm. What could be harmful? In general, scripts
-keep you from accessing private Zope objects, making harmful
-changes to Zope objects, hurting the Zope process itself, and
-accessing the server Zope is running on. These restrictions
-are implemented through a collection of limits on what your
-scripts can do.
+Scripts are restricted in order to limit their ability to do harm. What
+could be harmful? In general, scripts keep you from accessing private Zope
+objects, making unauthorized changes to Zope objects and accessing the server
+Zope is running on. These restrictions are implemented through a collection of
+limits on what your scripts can do. The limits are not effective enough to
+prevent malicious users from harming the Zope process on purpose. They only
+provide a safety belt against accidental bad code.
Scripts cannot create infinite loops. If your script
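Review bot: The caveat added at the end of this paragraph is scoped to "harming the Zope process on purpose", while the matching text in BasicObject.rst says malicious users can damage "the system", so the two files now state different scopes. With "hurting the Zope process itself" removed from the list, a reader cannot tell whether the three remaining items (accessing private Zope objects, making unauthorized changes, accessing the server) are still meant to hold against a malicious script author. Suggest saying so explicitly, and using the same wording in both files.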
@@ -1121,6 +1121,9 @@
loops. The reason for this restriction is to limit your ability to
hang Zope by creating an infinite loop.
+ This limit does not protect you from creating other sorts of infinite
+ recursions and it's still possible to hang the Zope process.
Scripts cannot import arbitrary
packages and modules. You are limited to importing the
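Review bot: "other sorts of infinite recursions" in the added lines reads as if the loop limit described above were itself a recursion limit, which mixes two different things. Suggest naming them separately, for example "This limit does not cover other ways of running forever, such as unbounded recursion, so it is still possible to hang the Zope process." The bullet's opening, "Scripts cannot create infinite loops", also remains an absolute statement that the new sentence qualifies; softening it would keep the item consistent.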
@@ -1129,8 +1132,7 @@
(*string*, *random*, *math*, *sequence*), and modules
which have been specifically made available to scripts
by product authors. See `Appendix B: API Reference`_
- for more information on these
+ for more information on these modules.
You are restricted by standard Zope
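Review bot: After this change only the infinite-loop item carries a caveat, while the import item here ("Scripts cannot import arbitrary packages and modules") still reads as a hard limit. Given the log message, either state that this restriction is one that is expected to hold against malicious users or add the same "safety belt" qualification to it. The "modules." completion itself is an unrelated wording fix and would be worth a mention in the log message.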