[Zope] re module & through the web security

Chris Withers chrisw@nipltd.com
Wed, 06 Sep 2000 10:43:32 +0100


Chris McDonough wrote:
> There's the perception at DC that
> 're' isn't appropriate for through-the-web usage because it's possible to
> write and use regex that sends the Python interpreter thread it's
> operating within into a neverending loop.  Sorry.

Am I the only one who thinks this is silly?

One of Zope's key strengths is its granular security, right?
So why isn't it the responsibility of the site
designer/maintainer/owner/whatever to ensure that only people he trusts
have the ability to write DTML?

It seems like that perception is hobbling Python Methods, in particular,
by removing useful stuff like the re module because the assumption is
being made that people editing TTW code will be untrusted.

IMH(umble), either you don't have confidence in Zope's security, or
you're assuming your users are stupid (that may be fair for a lot of us,
but still ;-)

Comments? :-)

Chris
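
The concern quoted in this message is that a through-the-web regex can keep its interpreter thread busy indefinitely. The sketch below is an added example, not part of the original post and not Zope code. It shows one way to bound that cost by running the match in a child interpreter under a time budget. The name `bounded_search` and the sample patterns are assumptions made for illustration.

```python
import subprocess
import sys

# Child program: pattern and text arrive as argv, so nothing is interpolated
# into the source that the child executes.
_CHILD = (
    "import re, sys\n"
    "m = re.search(sys.argv[1], sys.argv[2])\n"
    "sys.stdout.write(m.group(0) if m else '')\n"
    "sys.exit(0 if m else 1)\n"
)

# Constructed samples (not from the original post).
BENIGN = (r"\d{4}-\d{2}-\d{2}", "posted 2000-09-06")
RUNAWAY = (r"(a+)+$", "a" * 40 + "!")  # nested quantifier, input that cannot match


def bounded_search(pattern, text, timeout=2.0):
    """Run re.search(pattern, text) in a child interpreter with a time budget.

    Returns ("match", matched_text), ("no-match", None), ("timeout", None),
    or ("error", message) when the pattern does not compile.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD, pattern, text],
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child before raising, so the runaway
        # match stops with it and the serving process stays responsive.
        return ("timeout", None)
    if proc.returncode == 0:
        return ("match", proc.stdout)
    if proc.returncode == 1 and not proc.stderr:
        return ("no-match", None)
    # An uncaught re.error in the child also exits 1, but writes a traceback.
    return ("error", proc.stderr.strip().splitlines()[-1])


if __name__ == "__main__":
    for label, (pat, txt) in (("benign", BENIGN), ("runaway", RUNAWAY)):
        print(label, bounded_search(pat, txt, timeout=1.0))
```

Starting a process per match is expensive, so this suits code edited by less-trusted users rather than every regex call on a site.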