[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Appendix B: API Reference
Mon, 23 Sep 2002 12:14:27 -0400
A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/AppendixB.stx#2-187
Python Scripts can contain a "safe" subset of the python language.
Python Scripts must be safe because they can be potentially edited by
many different users through an insecure medium like the web. The
following safety issues drive the need for secure Python Scripts:
o Because many users can use Zope, a Python Script must make sure it
does not allow a user to do something they are not allowed to do,
like deleting an object they do not have permission to delete.
Because of this requirement, Python Scripts do many security checks
in the course of their execution.
o Because Python Scripts can be edited through the insecure medium of
the web, they are not allowed access to the Zope server's
file-system. Normal Python builtins like 'open' are, therefore,
o Because many standard Python modules break the above two security
restrictions, only a small subset of Python modules may be imported
into a Python Scripts with the "import" statement unless they have
been validated by Zope's security policy. Currently, the following
standard python modules have been validated:
o whrandom and random
o Because it allows you to execute arbitrary python code, the python
"exec" statement is not allowed in Python methods.
o Because they may represent or cause security violations, some
Python builtin functions are not allowed. The following
Python builtins are not allowed:
o Other builtins are restricted in nature. The following builtins
range -- Due to possible memory denial of service attacks, the
range builtin is restricted to creating ranges less than 10,000
filter, map, tuple, list -- For the same reason, builtins
that construct lists from sequences do not operate on strings.
getattr, setattr, delattr -- Because these may enable Python
code to circumvent Zope's security system, they are replaced with
custom, security constrained versions.
o In order to be consistent with the Python expressions
available to DTML, the builtin functions are augmented with a
small number of functions and a class:
o Because the "print" statement cannot operate normally in Zope,
its effect has been changed. Rather than sending text to
stdout, "print" appends to an internal variable. The special
builtin name "printed" evaluates to the concatenation of all
text printed so far during the current execution of the
% Anonymous User - Sep. 23, 2002 12:14 pm:
What about the python function "id"? It seems to be restricted to.