Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-22 Thread Chris Withers
Dieter Maurer wrote: Chris Withers wrote at 2007-11-20 23:55 +: Dieter Maurer wrote: You execute their code in a globals the __builtins__ of which contains precisely the builtins you want to give them. unfortunately that still leaves the import problems, correct? The import command is

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-22 Thread Chris Withers
Dieter Maurer wrote: Security questions are very delicate. Nobody will probably give you a guarantee that the approach is really safe. This is why my gut feel is to stick with RestrictedPython as it has been pretty well battle tested :-) cheers, Chris -- Simplistix - Content Management,

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-22 Thread Dieter Maurer
Chris Withers wrote at 2007-11-22 17:08 +: Dieter Maurer wrote: Chris Withers wrote at 2007-11-20 23:55 +: Dieter Maurer wrote: You execute their code in a globals the __builtins__ of which contains precisely the builtins you want to give them. unfortunately that still leaves the

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-21 Thread Dieter Maurer
Chris Withers wrote at 2007-11-20 23:55 +: Dieter Maurer wrote: You execute their code in a globals the __builtins__ of which contains precisely the builtins you want to give them. unfortunately that still leaves the import problems, correct? The import command is mapped to the __import__

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Chris Withers
Philipp von Weitershausen wrote: Indeed, but how do you prevent importing and insecure builtins like open without RestrictedPython? Well, they can only use the builtins you give them, right? Hmm, not sure what you mean by this? How do you choose what builtins to give them? And the

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Martijn Faassen
Philipp von Weitershausen wrote: On 20 Nov 2007, at 00:15 , Chris Withers wrote: Philipp von Weitershausen wrote: On 19 Nov 2007, at 20:26 , Chris Withers wrote: So, I'm guessing RestrictedPython is the one to aim for? No idea what you need...

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Chris Withers
Martijn Faassen wrote: One bit that might be problematic is 'proxy leaking'. I imagine if you use this you're going to leak proxied objects into the rest of your system whenever you make a call into your system. Actually, I'm hoping I can have anything content-object like always proxied.

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Martijn Faassen
Hi there, On Nov 20, 2007 11:24 AM, Chris Withers [EMAIL PROTECTED] wrote: [snip] Traditional Zope 2 doesn't work that way: as soon as you make a call from your Python script, the underlying code that is being called is trusted. No proxies anywhere (well, except the ubiquitous acquisition

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Chris Withers
Martijn Faassen wrote: There will be a problem if proxies get into subsystems without any security declarations. Most security policies should forbid access in that case. You might be surprised how many things you'll need to add security declarations for. In my experience this seriously kills

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Dieter Maurer
Chris Withers wrote at 2007-11-20 10:21 +: Philipp von Weitershausen wrote: Indeed, but how do you prevent importing and insecure builtins like open without RestrictedPython? Well, they can only use the builtins you give them, right? Hmm, not sure what you mean by this? How do you

Re: [Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-20 Thread Chris Withers
Dieter Maurer wrote: You execute their code in a globals the __builtins__ of which contains precisely the builtins you want to give them. unfortunately that still leaves the import problems, correct? cheers, Chris -- Simplistix - Content Management, Zope Python Consulting -

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-19 Thread Philipp von Weitershausen
Chris Withers wrote: Tres Seaver wrote: Both are. RestrictedPython is still used in Zope2. Ah, so RestrictedPython is actually what's used for Script (Python)'s in current Zope 2 releases? Yes, it's a low-level compiler for Python code that replaces certain operations such as getattr

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-19 Thread Chris Withers
Philipp von Weitershausen wrote: Yes, it's a low-level compiler for Python code that replaces certain operations such as getattr with respective guards. You'll have to provide such guards, though. Script (Python) is based on Shared.DC.Scripts which implements such guards that do checks based

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-19 Thread Philipp von Weitershausen
On 19 Nov 2007, at 20:26 , Chris Withers wrote: So, I'm guessing RestrictedPython is the one to aim for? No idea what you need... http://mail.python.org/pipermail/python-list/2007-November/466438.html It seems like zope.security does exactly what you need (e.g. user code shouldn't have to

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-19 Thread Chris Withers
Philipp von Weitershausen wrote: On 19 Nov 2007, at 20:26 , Chris Withers wrote: So, I'm guessing RestrictedPython is the one to aim for? No idea what you need... http://mail.python.org/pipermail/python-list/2007-November/466438.html It seems like zope.security does exactly what you need

[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

2007-11-19 Thread Philipp von Weitershausen
On 20 Nov 2007, at 00:15 , Chris Withers wrote: Philipp von Weitershausen wrote: On 19 Nov 2007, at 20:26 , Chris Withers wrote: So, I'm guessing RestrictedPython is the one to aim for? No idea what you need... http://mail.python.org/pipermail/python-list/2007-November/466438.html It seems