On 20 Nov 2007, at 00:15 , Chris Withers wrote:
Philipp von Weitershausen wrote:
On 19 Nov 2007, at 20:26 , Chris Withers wrote:
So, I'm guessing RestrictedPython is the one to aim for?
No idea what you need...
http://mail.python.org/pipermail/python-list/2007-November/466438.html
It seems like zope.security does exactly what you need (e.g. user
code shouldn't have to import anything as long as you pass proxied
objects).
Indeed, but how do you prevent importing and insecure builtins like
"open" without RestrictedPython?
Well, they can only use the builtins you give them, right? And the
'import' statement can be influenced with import hooks, AFAIK. I don't
knwo this for sure, though, so maybe you do need RestrictedPython
after all.
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
