[Zope] Storing DTML in SQL

Andrew Milton akm at theinternet.com.au
Wed Aug 18 12:45:36 EDT 2010


+-------[ Richard Harley ]----------------------
| On 18/08/10 17:38, Andrew Milton wrote:
| > +-------[ Garry Saddington ]----------------------
| > | Andrew Milton wrote:
| > |>  +-------[ Garry Saddington ]----------------------
| > |>  | Garry Saddington wrote:
| > |>  |>  Justin Dunsworth wrote:
| > |>  |>>  I am currently working on a project where I am storing HTML within a
| > |>  |>>  MySQL database to display dynamic pages and content in sequences. I
| > |>  |>>  would like to be able to store DTML within the tables as well and be
| > |>  |>>  able to call them within the page to display that content. I tried
| > |>  |>>  mixing the DTML in with the HTML and it shows the HTML correctly but no
| > |>  |>>  DTML.
| > |>  |>>
| > |>  |>>  Is it possible to even do this? Are there other suggestions on how to go
| > |>  |>>  about this?
| > |>  |>
| > |>  |>  The closest I have found is on Zopelabs
| > |>  |>  (http://www.zopelabs.com/cookbook/1078612026)
| > |>  |
| > |>  | Sorry, wrong recipe, try this:
| > |>  |
| > |>  | http://www.zopelabs.com/cookbook/993850737/1011691351
| > |>
| > |>  Do I really have to explain why that particular recipe is a bad idea? d8)
| > |>
| > | Just trying to be helpful. I did say that it was the only thing I can
| > | find and I did not recommend it.
| > | If you would care to share the problems of the recipe on the list then I
| > | am sure all those reading who are new to Zope would benefit;)
| >
| > Since python scripts are web callable and something has to be passed
| > in... The phrase "execute arbitrary code" is nearly always quickly
| > followed by the phrase "remote exploit" and lots of sad faces (and
| > then some finger pointing d8)
| >
| >    
| If that is the case, aren't all python scripts within Zope potentially 
| exploitable?

Not all python scripts execute arbitrary code *passed to them* 

-- 
Andrew Milton
akm at theinternet.com.au
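
The distinction drawn in the reply above, sketched in Python as an added example; it is not code from this thread, from the Zopelabs recipe, or from Zope. Assumptions: an in-memory SQLite table stands in for the MySQL table, `string.Template` stands in for DTML, and the function and table names are hypothetical.

```python
import html
import sqlite3
from string import Template

# Constructed sample data: stored page fragments, as in the original question.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE fragments (name TEXT PRIMARY KEY, body TEXT)")
db.execute("INSERT INTO fragments VALUES (?, ?)",
           ("greeting", "<p>Hello, $user. You have $count new messages.</p>"))


def render_unsafe(source, namespace):
    """The pattern the thread warns about: the caller supplies the source
    and it is evaluated. If this is web callable, whoever can reach the URL
    chooses what the interpreter runs."""
    return eval(source, {}, namespace)  # never do this with request data


def render_stored(name, values):
    """The caller supplies only a fragment name and plain data values.
    The body comes from the database, and string.Template only substitutes
    placeholders; it has no expression or call syntax to evaluate."""
    row = db.execute("SELECT body FROM fragments WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        raise KeyError(name)  # unknown names are rejected, not interpreted
    escaped = {k: html.escape(str(v)) for k, v in values.items()}
    return Template(row[0]).safe_substitute(escaped)


if __name__ == "__main__":
    request_value = "len(user) * 2"  # constructed, harmless expression
    # Evaluated: the caller's text ran as code.
    print(render_unsafe(request_value, {"user": "garry"}))
    # Treated as data: the same text is escaped and shown verbatim.
    print(render_stored("greeting", {"user": request_value, "count": 3}))
```

The second function still depends on who may write to the `fragments` table: if untrusted users can store bodies that a richer template language would evaluate, the same problem returns through the database.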

