[Zope] Re: External Methods?

Christopher G. Petrilli petrilli@amber.org
Tue, 2 Mar 1999 14:56:03 -0500


On Tue, Mar 02, 1999 at 01:43:10PM -0600, Tres Seaver wrote:
> 
> I looked at the ExternalMethod source last night a bit:  the actual method
> execution is done via an apply() call, after loading and compiling the code for
> the function.  We might be able to come up with an alternate product which used
> a carefully tuned rexec() (Bastion?  I plead ignorance), operating on Python
> code stored in the Zbase itself.

This was an idea I'd proffered, but honestly haven't looked at enough
yet to know whether it would work... it SHOULD work, but it might
require some modifications to the acquisition code, but I've not looked
enough yet.

> The particulars of my case are that the control structures of DTML are not quite
> powerful enough to accomplish my task;  of course, strengthening them, even in a
> "sandbox" model, still leaves open the possibility for buggy/malicious code to
> do ugly things (like your example below).

Well, it might help if you offered what control structure you need, we
might be able to come up with an interim solution.

> Actually, the possibility which seemed most interesting was Doug Wyatt's
> suggestion of "federating" a set of independent Zbases under one (at least
> apparently one) server.  Then any damage my ExternalMethod did would be to the
> Zbase would be on my own head, at least.  If that server were actually a process
> running as me, then standard system security procedures should probably be fine.
> 

To me this is just a hack to get around it near term, and doesn't fix
the problem.  Also if you have 100 users, do you have 100 instances of
zope running under 1 ZServer?  That sounds like a true administrative
nightmare...  And substantial overkill.

Chris
-- 
| Christopher Petrilli                      ``Television is bubble-gum for
| petrilli@amber.org                          the mind.''-Frank Lloyd Wright