[Zope] Secure Python Script

Gerald Gutierrez pozix@home.com
Thu, 08 Feb 2001 12:33:43 -0800


I think there was brief mention of something like this a while ago. A 
complement to the current PythonScript (I think that's what it's called 
now), where you are able to script objects in Python, but which differs in that 
there are no restrictions on what can be imported and what can be executed. 
It can be made secure by only allowing very few people to be able to 
manipulate one, like only those in the Manager role (who can do just about 
anything anyway).

I think this can be a real bonus to those web applications that are more 
than just a "picture gallery" or a "message board", like those that are 
logic-intensive and maintain client state (like a game). The scripts can 
effectively become the "business logic layer", and eliminate the need to do 
file-system level scripting. I believe this was one of the goals of Zope -- 
to do everything through a web browser.


What are the pros and cons of this?