[Zope] List of safe libraries

Joel Burton joel@joelburton.com
Fri, 26 Jul 2002 16:21:21 -0400 

This is a multi-part message in MIME format.

------=_NextPart_000_0052_01C234C0.7A5FA950
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

>From $ZOPE/lib/python/Products/PythonScripts/standard.py, it would appear
that you have access to those things DTML already gives you (DateTime, math,
string) plus the PythonScript.standard utils (formatting as structured text,
html_quoted, etc.), and the RestrictedDTML class.

There's info in this folder (in module_access_examples.py) on how to access
other modules, and it gives some advice on which standard Python modules are
safe, semi-safe, or ready for inclusion into Outlook.

HTH.


--
Joel BURTON  |  joel@joelburton  |  www.joelburton.com  |  aim:wjoelburton
Information Technology & Knowledge Management Consultant


> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> abg@comco-inc.com
> Sent: Friday, July 26, 2002 12:42 PM
> To: zope@zope.org
> Subject: RE: [Zope] List of safe libraries
>
>
> Actually, I was wondering if there is a "Master List" of libraries and
> modules that one is authorized to import into a python script object.
>
> -----Original Message-----
> From: Joel Burton [mailto:joel@joelburton.com]
> Sent: Friday, July 26, 2002 11:28 AM
> To: Aaron Gillette
> Subject: RE: [Zope] List of safe libraries
>
>
> It's a little fuzzy... what constitutes safe? Even without any additional
> libraries, a clever coder can hang a Zope thread using just PythonScripts.
>
> Regular expressions, for instance, are safe in that they won't
> let you write
> to the filesystem or do other serious damage, but you can easily write a
> regex that will never finish, hanging that Zope thread.
>
> Can you be more specific about who will be allowed to write these scripts?
> Semi-trusted internal users? Complete strangers?
>
> - J.
>
> --
> Joel BURTON  |  joel@joelburton  |  www.joelburton.com  |  aim:wjoelburton
> Information Technology & Knowledge Management Consultant
>
>
> > -----Original Message-----
> > From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> > abg@comco-inc.com
> > Sent: Friday, July 26, 2002 12:29 PM
> > To: zope@zope.org
> > Subject: [Zope] List of safe libraries
> >
> >
> > Does anyone keep a list of libraries that are safe for import
> into python
> > script objects?
> >
> > Thanks,
> >
> > Aaron Gillette
> > abg@comco-inc.com
> >
> > Comco, Inc.
> > The Source for Data Pros WorldWide.
> > Specializing in large-format tape drives (3480, 3490, 3490e, 3590 &
> > 9-track), data translation services and data management software.
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>

------=_NextPart_000_0052_01C234C0.7A5FA950
Content-Type: text/x-vcard;
	name="Joel Burton.vcf"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="Joel Burton.vcf"

BEGIN:VCARD
VERSION:2.1
N:Burton;Joel
FN:Joel Burton
ORG:Joel Burton & Associates
TITLE:Principal
TEL;WORK;VOICE:(202) 483-7168
TEL;HOME;VOICE:(202) 483-7168
TEL;CELL;VOICE:(202) 251-4877
ADR;WORK:;;1705 P St NW #43;Washington;DC;20036;United States of America
LABEL;WORK;ENCODING=3DQUOTED-PRINTABLE:1705 P St NW =
#43=3D0D=3D0AWashington, DC 20036=3D0D=3D0AUnited States of America
ADR;HOME:;;1705 P St NW #43;Washington;DC;20036;United States of America
LABEL;HOME;ENCODING=3DQUOTED-PRINTABLE:1705 P St NW =
#43=3D0D=3D0AWashington, DC 20036=3D0D=3D0AUnited States of America
URL;WORK:http://joelburton.com
ROLE:Information Technology
BDAY:19721012
EMAIL;PREF;INTERNET:joel@joelburton.com
REV:20011203T044543Z
END:VCARD

------=_NextPart_000_0052_01C234C0.7A5FA950--