[Zope] Re: type in python scripts
Paul Winkler
pw_lists at slinkp.com
Tue Jun 1 21:04:47 EDT 2004
On Tue, Jun 01, 2004 at 06:40:05PM -0400, David A. Riggs wrote:
> What I'd really like is to be able to turn off Zope's fascist
> security "features" in certain cases. If I'm working with a
> small team of trusted developers, I want to make things as
> easy as possible for them...the Zope learning curve is steep
> enough as it is. If the argument is to protect the system from
> cases where the end user could execute arbitrary code, then
> there are much more immediate problems!
You can already declare modules, classes, and types safe to import
for TTW code. Just create a trivial Product that contains
an __init__.py with this code:
from AccessControl import allow_module, allow_class, allow_type
# let scripts import the re module.
allow_module('re')
# let scripts instantiate and call methods of myclass.
allow_class(myclass)
# let scripts instantiate and call methods of mytype.
allow_type(mytype)
Notably absent is a way to declare builtin functions as safe, but
you could work around that pretty easily - e.g. create a module
with wrapper functions and declare that module importable.
--
Paul Winkler
http://www.slinkp.com
More information about the Zope
mailing list