[Zope-dev] Announce: PythonMethod 0.0.1
Evan Simpson
evan@4-am.com
Tue, 07 Sep 1999 16:45:19 -0500
Andreas Kostyrka wrote:
> Now, just insert a local variable, increment it on each loop iteration.
> Set an unreasonably high limit like 500000 iterations.
That's what I meant by inserting test code near jumps, actually :) This is such a
low priority for me because of the number of deliberate denial of service attacks I
know of which this would not solve. I may still implement it as a safety net for
mistakes, rather than attacks.
> Additionally, you should consider making a copy of builtins, and use it
> instead of the original, so the python method is executed in Safe mode.
> While this might force hardcore Python hackers to use external methods,
> it would magically close all loopholes like accessing __dict__, code block
> attributes, etc.
Already done. Right now __builtins__ is empty, but I'll probably just swipe the
same set DTML objects use. I also plan to pervert 'import' to access the ZODB
hierarchy instead of the filesystem.
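
The loop-limit safety net discussed in this thread, sketched as an added example (not part of the original message and not PythonMethod's code). It rewrites the AST so every `for`/`while` body first calls a counter hook, and runs the result with only the builtins passed in; the names `run_guarded`, `LoopGuard`, `LoopLimitExceeded` and `_loop_tick_` are hypothetical, and one budget is shared by all loops rather than one local variable per loop.

```python
import ast

GUARD = "_loop_tick_"   # hypothetical name for the injected counter hook

class LoopLimitExceeded(RuntimeError):
    """Raised when guarded code runs more loop iterations than allowed."""

class LoopGuard(ast.NodeTransformer):
    """Insert a call to GUARD as the first statement of every for/while body."""
    def _guard(self, node):
        self.generic_visit(node)              # also guard nested loops
        tick = ast.Expr(ast.Call(ast.Name(GUARD, ast.Load()), [], []))
        node.body.insert(0, tick)
        return node
    visit_For = visit_While = _guard

def run_guarded(source, limit=500000, builtins=None):
    """Run source with a loop budget and only the builtins passed in.

    Returns (namespace, iterations_used). A safety net for mistakes: it does
    not bound recursion, comprehensions or work done inside a single call.
    """
    if GUARD in source:                       # user code must not rebind the hook
        raise ValueError("reserved name used in source")
    tree = ast.fix_missing_locations(LoopGuard().visit(ast.parse(source)))
    used = [0]
    def tick():
        used[0] += 1
        if used[0] > limit:
            raise LoopLimitExceeded("more than %d loop iterations" % limit)
    env = {"__builtins__": dict(builtins or {}), GUARD: tick}
    exec(compile(tree, "<python-method>", "exec"), env)
    return env, used[0]

if __name__ == "__main__":
    # Constructed sample inputs.
    nested = "t = 0\nfor i in range(10):\n    for j in range(10):\n        t += 1\n"
    env, used = run_guarded(nested, builtins={"range": range})
    print(env["t"], used)
    try:
        run_guarded("while 1:\n    pass\n", limit=1000)
    except LoopLimitExceeded as exc:
        print("stopped:", exc)
```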