Hi,
Chris Withers wrote:
>
> Chris McDonough wrote:
> > There's the perception at DC that
> > 're' isn't appropriate for through-the-web usage because it's possible to
> > write and use regex that sends the Python interpreter thread it's
> > operating within into a neverending loop. Sorry.
>
> Am I the only one who thinks this is silly?
>
> One of Zope's key strengths is its granular security, right?
> So why isn't it the reponsibility of the site
> designer/maintainer/owner/whatever to ensure that only people he trusts
> have the ability to write DTML?
>
> It seems like that perception is hobbling Python Methods, in particular,
> by removing useful stuff like the re module because the assumption is
> being made that people editing TTW code will be untrusted.
>
> IMH(umble), either you don't have confidence in Zope's security, or
> you're assuming your users are stupid (that may be fair for a lot of us,
> but still ;-)
>
> Comments? :-)
>
I think the granularity could be finer. If one could give some users
access to more 'riscy' modules and some not, it schould be sufficient.
I schould write a proposal for thru the web python products... *g*
Greetings
Tino
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
