[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython
Chris Withers
chris at simplistix.co.uk
Tue Nov 20 05:24:23 EST 2007
Martijn Faassen wrote:
> One bit that might be problematic is 'proxy leaking'. I imagine if you
> use this you're going to leak proxied objects into the rest of your
> system whenever you make a call into your system.
Actually, I'm hoping I can have anything content-object like "always
proxied".
One of my original two requirements (which I linked to before) is the
ability for "the system" to just work with objects and have them
complain if you're not allowed to access them, rather than having to
remember that just because you're in "trusted code" the user that the
trusted code is executing on behalf of will "see everything"...
> Traditional Zope 2 doesn't work that way: as soon as you make a call
> from your Python script, the underlying code that is being called is
> trusted. No proxies anywhere (well, except the ubiquitous acquisition
> proxies..).
Indeed, sometimes this is handy, sometimes it causes problems...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list