[Zope] List of safe libraries
abg@comco-inc.com
abg@comco-inc.com
Fri, 26 Jul 2002 11:41:32 -0500
Actually, I was wondering if there is a "Master List" of libraries and
modules that one is authorized to import into a python script object.
-----Original Message-----
From: Joel Burton [mailto:joel@joelburton.com]
Sent: Friday, July 26, 2002 11:28 AM
To: Aaron Gillette
Subject: RE: [Zope] List of safe libraries
It's a little fuzzy... what constitutes safe? Even without any additional
libraries, a clever coder can hang a Zope thread using just PythonScripts.
Regular expressions, for instance, are safe in that they won't let you write
to the filesystem or do other serious damage, but you can easily write a
regex that will never finish, hanging that Zope thread.
Can you be more specific about who will be allowed to write these scripts?
Semi-trusted internal users? Complete strangers?
- J.
--
Joel BURTON | joel@joelburton | www.joelburton.com | aim:wjoelburton
Information Technology & Knowledge Management Consultant
> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> abg@comco-inc.com
> Sent: Friday, July 26, 2002 12:29 PM
> To: zope@zope.org
> Subject: [Zope] List of safe libraries
>
>
> Does anyone keep a list of libraries that are safe for import into python
> script objects?
>
> Thanks,
>
> Aaron Gillette
> abg@comco-inc.com
>
> Comco, Inc.
> The Source for Data Pros WorldWide.
> Specializing in large-format tape drives (3480, 3490, 3490e, 3590 &
> 9-track), data translation services and data management software.
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>