[Zope] Is there any way to turn off the publishing of external methods to the web in Zope?

Andreas Jung lists at zopyx.com
Fri Jan 26 10:35:58 EST 2007



--On 26. Januar 2007 10:29:08 -0500 "Mark, Jonathan (Integic)" 
<jonathan.mark at integic-hc.com> wrote:

> I have an external method which uses eval(). I would like to prevent
> anyone from calling this method from inside a URL, e.g.,
> myzopesite/myexternalmethod?myvar=deletemyfiles()
>
> Rather, I wish for only Zope objects such as Python Scripts to be able to
> call this external method. Is there any way to turn off the publishing of
> external methods to the web in Zope?

The standard Zope security also apply to external method. Configure the View
permission according to your needs.

-aj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20070126/af50b98f/attachment.bin


More information about the Zope mailing list