[Zope3-dev] Fatal Python error: can't initialize module
MultiMapping when access "++apidoc++/Class/menu.html"
Stephan Richter
srichter at cosmos.phy.tufts.edu
Mon Nov 22 14:22:22 EST 2004
On Monday 22 November 2004 14:08, shane at hathawaymix.org wrote:
> An interesting implication of the live class reference is that every
> module in Zope 3 must be safe to import at any time. That might not be so
> good for security--if an intruder can manage to install a Python script in
> the Zope 3 code tree, the script will be executed with Zope's privileges.
> Good thing it's easy to uninstall zope.app.apidoc (I presume.)
Right, API doc should not be installed on a production box. But on the other
hand, Zope considers all filesystem code trusted.
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
More information about the Zope3-dev
mailing list