Re[2]: [Zope3-dev] Security Policy

[Andy McKay]

> In some regards, the sys admin today can allow modules to be imported via
> ModuleSecurityInfo, and some other utility functions.  I've used this just
> to allow access to some of my own utilities in a site I'm working on so I
> don't have to deal with configuring external methods for simple things.

Thats true and Ive done this on my site.

Im more addressing the general philosophy of assuming that TTW is done by people who arent trusted or dont know
better. Its like the range restriction, which stops you putting large ranges,
but doesn't stop you nesting 100 of them. From what I can see very few sites
allow the sort of usage that needs restricting.
-- 
  Andy McKay