[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

Philipp von Weitershausen philipp at weitershausen.de
Mon Nov 19 13:33:43 EST 2007


Chris Withers wrote:
> Tres Seaver wrote:
>> Both are.  RestrictedPython is still used in Zope2.  
> 
> Ah, so RestrictedPython is actually what's used for Script (Python)'s in 
> current Zope 2 releases?

Yes, it's a low-level compiler for Python code that replaces certain 
operations such as getattr with respective guards. You'll have to 
provide such guards, though. "Script (Python)" is based on 
Shared.DC.Scripts which implements such guards that do checks based on 
AccessControl.

It looks like zope.security.untrustedpython integrates RestrictedPython 
with zope.security.

> I think RestrictedPython is also "used" (ie: bundled with) Zope 3 given 
> the comments, for example,here:
> 
> http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/Eval.py?rev=76322&view=auto 

Yup, it's bundled and since Zope 2 and 3 were in different trees, we had 
a small fork that was reunited in that checkin.

> So, I'm guessing RestrictedPython is the one to aim for?

No idea what you need...



More information about the Zope-Dev mailing list