[Zope] DTML, Zope and Regex

Paul Winkler pw_lists@slinkp.com
Wed, 10 Jul 2002 14:29:53 -0400

On Wed, Jul 10, 2002 at 01:32:39PM -0400, Jorge O. Martinez wrote:
> I think I am beginning to understand the scope of the decision to exclude 
> regex support: more security for the future Zope ISP's vs less convenience 
> for the future Zope developers; however, don't you all think that potential 
> Zope developers may be discouraged when they know they have to contact 
> their ISP to install an external method or product

If you have to contact your ISP to install an external method or
product, I suggest looking for another ISP.

> Wouldn't it be better to somehow limit how much 'damage' developers can do 
> in their own work area (via the Monster module, or zoped.ini for example), 
> and give them enough rope to hang themselves, but not to crash the system. 
> Don't know if that is possible, just an idea.

It's a nice idea. I don't know if it's possible either...
or how much work it would take. Compared to "let's disable re in python
scripts", it will surely be an enormous amount of work... so I don't
expect we'll see this anytime soon. Feel free to prove me wrong. :)


Paul Winkler
home:  http://www.slinkp.com
"Muppet Labs, where the future is made - today!"