[Zope] [ANN] ZShell 0.2
Sat, 5 May 2001 15:37:11 +0200
On Sat, May 05, 2001 at 02:31:14PM +0200, Hannu Krosing wrote:
> Michel Pelletier wrote:
> > Something that is dangerous about this script is that it does no security
> > checking at all. Anyone one user with acces to the shell is essentialy
> > promoted to a superuser through the shell. It would not be difficult for
> > you to add security checkpoints to you code using the explicit
> > securitymanager api documented in the developer's guide.
> > http://sourceforge.net/projects/zope-devel/
> It claims that "This Project Has Not Released Any Files".
> Does it mean that I am supposed to get stuff from CVS ?
I've just seen the same message, so I've browsed the files with cvsweb,
and now I better understand Michel's concerns: it seems as External methods
run completely unrestricted by default, which I ignored until I read this