Chris McDonough wrote:
> There's the perception at DC that
> 're' isn't appropriate for through-the-web usage because it's possible to
> write and use regex that sends the Python interpreter thread it's
> operating within into a neverending loop. Sorry.
Am I the only one who thinks this is silly
i for my part think it makes sense. not just from a security standpoint
(think of those sites that allow members who are not necessarily hand-picked
to write DTML or attempt to do so) but also from a knowledge level
standpoint. who wants their site crashed just because the new programmer
doesn't k
Hi,
Chris Withers wrote:
>
> Chris McDonough wrote:
> > There's the perception at DC that
> > 're' isn't appropriate for through-the-web usage because it's possible to
> > write and use regex that sends the Python interpreter thread it's
> > operating within into a neverending loop. Sorry.
>
>
On Wed, 6 Sep 2000, Chris Withers wrote:
> Chris McDonough wrote:
> > There's the perception at DC that
> > 're' isn't appropriate for through-the-web usage because it's possible to
> > write and use regex that sends the Python interpreter thread it's
> > operating within into a neverending loop.
From: Chris Withers <[EMAIL PROTECTED]>
> One of Zope's key strengths is its granular security, right?
> So why isn't it the reponsibility of the site
> designer/maintainer/owner/whatever to ensure that only people he trusts
> have the ability to write DTML?
Fear not. In the brand new shiny Pyth
Chris Withers writes:
> Chris McDonough wrote:
> > There's the perception at DC that
> > 're' isn't appropriate for through-the-web usage because it's possible to
> > write and use regex that sends the Python interpreter thread it's
> > operating within into a neverending loop. Sorry.
[snip
son [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 06, 2000 10:14 AM
> To: Chris Withers
> Cc: Chris McDonough; T.J. Mannos; Marcus Mendes; [EMAIL PROTECTED]
> Subject: Re: [Zope] re module & through the web security
>
>
> Chris Withers writes:
> > Chris McDo
Evan Simpson wrote:
>
> From: Chris Withers <[EMAIL PROTECTED]>
> > One of Zope's key strengths is its granular security, right?
> > So why isn't it the reponsibility of the site
> > designer/maintainer/owner/whatever to ensure that only people he trusts
> > have the ability to write DTML?
>
> F
Evan Simpson writes:
> Fear not. In the brand new shiny PythonMethods Product coming soon
> (really!) to a Zope near you, you will have the ability to say:
>
> ModuleSecurityInfo('re').protect('compile', 'Use the "re" module')
>
> ...and suddenly anyone to whom you grant 'Use the "re" mod
From: Dan L. Pierson <[EMAIL PROTECTED]>
> Does this work for any module or just a semi-safe subset?
>
> How are submodules handled? Just put the full path in the
> ModuleSecurityInfo call? Can you grant permissions for all children
> of a parent module (scary!)?
http://dev.zope.org/Wikis/DevSi
Evan Simpson writes:
> From: Dan L. Pierson <[EMAIL PROTECTED]>
> > Does this work for any module or just a semi-safe subset?
> >
> > How are submodules handled? Just put the full path in the
> > ModuleSecurityInfo call? Can you grant permissions for all children
> > of a parent module (sc
From: Dan L. Pierson <[EMAIL PROTECTED]>
> > http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/GuardedImport
>
> I looked there.
Ah, but I was sneaky and went and updated it just before posting ;-) You do
have to follow a link or two, but it isn't hard to find (any more).
Cheers,
Evan
Evan Simpson writes:
> Ah, but I was sneaky and went and updated it just before posting ;-) You do
> have to follow a link or two, but it isn't hard to find (any more).
Thanks a lot! That'll teach me not to refresh the page when I check
back :-) It now answers all my questions.
13 matches
Mail list logo
