[Zope] safe read-only access to acquisition parent objects
Eric Bréhault
ebrehault at gmail.com
Wed Mar 7 04:32:45 EST 2007
Hello,
Thank you for your answer Dieter.
Indeed, I have been looking in all the restricted interpreter things.
I have been reading zope\security\untristedinterpreter.txt, and I think it
is probably what I need.
The thing is I don't know how to produce a security proxy which would allow
any 'get' access and forbide any 'set' access.
I understand I have to use ProxyFactory, but I don't understand how I can
configure my own Checker that would grant the access policy I want.
If anybody have some knowledge about it, any help would be appreciated.
Thanks
On 3/6/07, Dieter Maurer <dieter at handshake.de> wrote:
>
> Eric Bréhault wrote at 2007-3-5 13:14 +0100:
> >I have build a Plone product which allows users to enter a piece of
> Python
> >code.
> >This way, users can easily define their own actions without changing the
> >product source code.
> >
> >Those pieces of code are executed using the exec Python command.
>
> I would instead use TALES expressions of type python.
>
> There are restricted -- which is very essential if you cannot
> fully trust your users.
>
>
>
> --
> Dieter
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20070307/99f93d41/attachment.htm
More information about the Zope
mailing list