[Zope3-dev] Fatal Python error: can't initialize module
MultiMapping when access "++apidoc++/Class/menu.html"
Jim Fulton
jim at zope.com
Mon Nov 29 09:32:46 EST 2004
Stephan Richter wrote:
> On Monday 22 November 2004 14:56, Jim Fulton wrote:
>
>>That's a good point. I suggest that apidoc shouldn't *import* modules,
>>but should look them up in sys.modules. This is the strategy used to
>>access moduls from untrusted code.
>
>
> It will use sys.modules, when it can, since __import__ does this when an entry
> is found, right? However, I cannot just use sys.modules, because some of the
> classes you want to look at, might not have been imported.
The point is that causing modules to be imported from the web is a
security hole waiting to happen.
Why would apidoc want to document a module that hasn't been imported?
Presumably, such a module isn't being used by the system. If it
was, it would be in sys.modules.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list