[Zope-Checkins] CVS: Zope/lib/python/Products/PythonScripts - README.txt:1.2.180.1 module_access_examples.py:1.3.6.1

Chris Withers chrisw@nipltd.com
Mon, 6 Jan 2003 10:59:00 -0500


Update of /cvs-repository/Zope/lib/python/Products/PythonScripts
In directory cvs.zope.org:/tmp/cvs-serv3184/lib/python/Products/PythonScripts

Modified Files:
      Tag: Zope-2_6-branch
	README.txt module_access_examples.py 
Log Message:
Collector #685: Improved documentation explaining how, where and 
       why security assertions should be placed. merge from HEAD.

=== Zope/lib/python/Products/PythonScripts/README.txt 1.2 => 1.2.180.1 ===
--- Zope/lib/python/Products/PythonScripts/README.txt:1.2	Thu Feb 15 11:01:35 2001
+++ Zope/lib/python/Products/PythonScripts/README.txt	Mon Jan  6 10:58:57 2003
@@ -56,4 +56,20 @@
       o Restart your Zope server. After restarting, the modules you enabled
         in your custom product will be available to Python scripts.
 
+    NB --  Placing security assestions within the package/module you are trying 
+           to import will not work unless that package/module is located in
+           your Products directory.
+ 
+           This is because that package/module would have to be imported for its
+           included security assertions to take effect, but to do
+	   that would require importing a module without any security
+           declarations, which defeats the point of the restricted
+           python environment.
+
+           Products work differently as they are imported at Zope startup.
+           By placing a package/module in your Products directory, you are
+           asserting, among other things, that it is safe for Zope to check 
+           that package/module for security assertions. As a result, please 
+           be careful when place packages or modules that are not Zope Products 
+	   in the Products directory.
         


=== Zope/lib/python/Products/PythonScripts/module_access_examples.py 1.3 => 1.3.6.1 ===
--- Zope/lib/python/Products/PythonScripts/module_access_examples.py:1.3	Wed Aug 14 18:25:08 2002
+++ Zope/lib/python/Products/PythonScripts/module_access_examples.py	Mon Jan  6 10:58:57 2003
@@ -13,6 +13,23 @@
 You can, of course, add your own code to your "__init__.py" for
 modules that are not listed below.  The list is not comprehensive,
 but is provided as a decent cross-section of modules.
+
+NB:  Placing security assestions within the package/module you are trying 
+     to import will not work unless that package/module is located in
+     your Products directory.
+ 
+     This is because that package/module would have to be imported for its
+     included security assertions to take effect, but to do
+     that would require importing a module without any security
+     declarations, which defeats the point of the restricted
+     python environment.
+
+     Products work differently as they are imported at Zope startup.
+     By placing a package/module in your Products directory, you are
+     asserting, among other things, that it is safe for Zope to check 
+     that package/module for security assertions. As a result, please 
+     be careful when place packages or modules that are not Zope Products 
+     in the Products directory.
 '''
 
 from AccessControl import allow_module, allow_class, allow_type