----- Original Message -----
From: "Eric Bréhault" <[EMAIL PROTECTED]>
To: <zope@zope.org>
Sent: Thursday, March 15, 2007 4:19 PM
Subject: Re: [Zope] build a safe proxy


No :-)
I just want to run untrusted Python code using exec and I need this code to
be allowed to access a few methods on a few Plone portal tools, but nothing
else.
For instance:
portal_membership.getMemberById(id).getProperty('email')
would be accepted but:
portal_membership.addMember()
would be forbidden.

I tried to use zope.security.untrustedpython and also I had a look in
zope.tales.expressions to understand how it works but I didn't succeed in
understanding how I can define what is authorized and what is forbidden.
Apparently it must be done using NamesChecker but I haven't found
documentation about it (I tried to copy/paste the unit tests but
unsuccessfully...).

What would you recommend? What is the 'official' way to run untrusted
Python code with exec and control what this code can do or not?

How about an external method?


Jonathan

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
