[Zope] what about a dtml-python tag ?

Hung Jung Lu hungjunglu@hotmail.com
Mon, 07 Feb 2000 07:25:26 PST


jerome alet <ale-@unice.fr> wrote:
>what about adding a new dtml tag called dtml-python useable this way:

I don't like the current DTML, but this beast is there
for two good reasons:

(1) security.
(2) garbage collection.

Your suggestion is good, but it's just too hard to
implement an interpreter for a sub-dialect of Python
that is secure. Keep in mind that hackers can
potentially obtain the admin password of your site and
edit your DTMLs; you really don't want anything in
DTML that compromises security. Anything vital should
be pushed from ZODB to the local file system.

Another thing is: your website can potentially be hit
by thousands or millions of people; when you create
the functions/objects, you have to think about cleaning
them up after being used. The current scheme is to use
a stack approach and the REQUEST variable.

Hung Jung
