[Zope] Trapping zope exceptions in python script

J Cameron Cooper zope-l at jcameroncooper.com
Thu Dec 15 12:02:28 EST 2005


Jonathan wrote:
> Andreas wrote:
> 
>>
> My 2 cents: PythonScripts are restricted and are *not* thought to be a full
> replacement for Python modules. If you need this functionaltiy consider
> writing a Zope Product, using external methods or using TrustedExecutables.
> 
>>
> 
> If python scripts are restricted from accessing zExceptions (for 
> security reasons???) then why allow python scripts to trap zExceptions 
> in bare try/excepts?  If the logic for not allowing zExceptions in plain 
> vanilla python scripts is for security reasons, then allowing bare 
> try/excepts would seem to be a security hole (though, I don't see the 
> rationale for this).

I would imagine that not allowing these exceptions to be imported in 
trusted code is simply an oversight. The mechanism involved is not a 
"you may not import this" type of thing, but rather a "you may import 
this" statement. It is easy to miss safe but rarely used pieces.

If you have a list of exceptions you would like to have available, go 
and file a bug report. A patch would be even better.

		--jcc
-- 
"Building Websites with Plone"
http://plonebook.packtpub.com/

Enfold Systems, LLC
http://www.enfoldsystems.com


More information about the Zope mailing list