[Zope] [ANN] ZShell 0.2

Jerome Alet alet@unice.fr
Sat, 5 May 2001 15:37:11 +0200

On Sat, May 05, 2001 at 02:31:14PM +0200, Hannu Krosing wrote:
> Michel Pelletier wrote:
> > 
> > Something that is dangerous about this script is that it does no security
> > checking at all.  Anyone one user with acces to the shell is essentialy
> > promoted to a superuser through the shell.  It would not be difficult for
> > you to add security checkpoints to you code using the explicit
> > securitymanager api documented in the developer's guide.
> > 
> > http://sourceforge.net/projects/zope-devel/
> It claims that "This Project Has Not Released Any Files". 
> Does it mean that I am supposed to get stuff from CVS ?

I've just seen the same message, so I've browsed the files with cvsweb,
and now I better understand Michel's concerns: it seems as External methods
run completely unrestricted by default, which I ignored until I read this 


Jerome Alet