[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Advanced Zope Scripting

webmaster@zope.org webmaster@zope.org
Fri, 27 Sep 2002 15:46:39 -0400


A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/ScriptingZope.stx#3-96

---------------

      Despite these limits, a determined user could use large amounts
      of CPU time and memory using Python-based Scripts. So malicious
      scripts could constitute a kind of denial of service attack by
      using lots of resources. These are difficult problems to solve
      and DTML suffers from the same potential for abuse. As with
      DTML, you probably shouldn't grant access to scripts to
      untrusted people.

        % Anonymous User - July 26, 2002 7:46 am:
         When I tried to define a class with a 
            def __init__(self):
         in it, Zope told me variables should not start with the letter '_'.
         I think this must be some kind of security restriction that is worth mentioning, because the '__init__'
         function is something very common.

        % Anonymous User - Sep. 27, 2002 3:46 pm:
         What can I really do in a script? AFAIK
         Write one single function, i.e. the script is the body of ONE function.
         No modules or classes in script bodies, hence no names starting w/ "_".
         Please explain. blf
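
The underscore restriction reported in the comments above can be pictured as a check on the script's syntax tree before anything is compiled. The following is an added illustration, not Zope's own code and not part of the original message; the function name `underscore_violations` and the sample sources are constructed for the example.

```python
import ast

# Constructed sample: the class definition the first commenter tried.
SAMPLE_CLASS = '''\
class Counter:
    def __init__(self):
        self.total = 0
'''

# Constructed sample: a plain script body with no underscore names.
SAMPLE_SCRIPT = '''\
total = 0
for item in items:
    total = total + item.size
'''


def underscore_violations(source):
    """Return sorted (line, name) pairs for identifiers starting with '_'.

    Simplified policy check: underscore-prefixed names and attributes are
    how Python exposes object internals, so a restricted environment may
    refuse them wholesale rather than vet each one.
    """
    found = []
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Name):
            names.append(node.id)          # variable reads and writes
        elif isinstance(node, ast.Attribute):
            names.append(node.attr)        # obj.__class__ and similar
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            names.append(node.name)        # def __init__, class _Hidden
        elif isinstance(node, ast.arg):
            names.append(node.arg)         # function parameters
        elif isinstance(node, ast.alias):
            names.append(node.asname or node.name)  # import targets
        for name in names:
            if name.startswith("_"):
                found.append((getattr(node, "lineno", 0), name))
    return sorted(found)


if __name__ == "__main__":
    for label, src in (("class", SAMPLE_CLASS), ("script", SAMPLE_SCRIPT)):
        print(label, underscore_violations(src))
```

Under such a policy the `def __init__(self):` line is rejected on its name alone, before any question of what the method does.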