[Zope-dev] RestrtrictedPython vs zope.security.untrustedpython
Chris Withers
chris at simplistix.co.uk
Mon Nov 19 11:33:54 EST 2007
Tres Seaver wrote:
> Both are. RestrictedPython is still used in Zope2.
Ah, so RestrictedPython is actually what's used for Script (Python)'s in
current Zope 2 releases? That's a big positive selling point for me ;-)
I think RestrictedPython is also "used" (ie: bundled with) Zope 3 given
the comments, for example,here:
http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/Eval.py?rev=76322&view=auto
> The
> 'untrustedpython' bit has lots of dependencies, and so is available as
> an "extra" for zope.security, e.g.:
...the warning at the top of this file scares me:
http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/interpreter.py?rev=75174&view=auto
Also, the last changes were made over 3 years ago:
http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/?rev=75174&view=log
including the ominous phrase:
"""
even though it's not actually used, I was afraid
that someone would try to use it
"""
;-)
So, I'm guessing RestrictedPython is the one to aim for?
Anyone have an opinion?
cheers.
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list