RE: [Zope-dev] Import Libraries into Python Script
Brian Lloyd wrote: > > What's wrong with: >> >> import imaplib >> imaplib.__allow_access_to_unprotected_subobjects__ = 1 > >Nothing is wrong with it per se - but using the SecurityInfo >interfaces (even indirectly through the helper stuff I checked >in to PythonScripts for 2.3.1) is more future-proof, in case >the actual mechanics of protection change one day. Thanks for explaining. I read the release notes for 2.3.1 just hours after sending my question. Doing this with the new helper functions sounds like a good way. > > And, if the above is somehow bad or insecure, how would you use your >> method to allow access to specific methods in a module, as in: >> >> import re >> re.__allow_access_to_unprotected_subobjects__ = { >> 'sub': 1, >> } > >You can see a minimal example in the standard.py module in >the PythonScripts package (though there is no helper shortcut >for that method yet - there probably should be). A helper shortcut would be nice :) -- Itai Tavor -- "Je sautille, donc je suis."-- [EMAIL PROTECTED]-- - Kermit the Frog -- -- -- -- "Every day, once a day, give yourself a present" - Dale Cooper -- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Import Libraries into Python Script
Itai Tavor wrote: > > What's wrong with: > > import imaplib ^ That's the line that barfs... > imaplib.__allow_access_to_unprotected_subobjects__ = 1 ...so this one never gets executed ;-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] Import Libraries into Python Script
> What's wrong with: > > import imaplib > imaplib.__allow_access_to_unprotected_subobjects__ = 1 Nothing is wrong with it per se - but using the SecurityInfo interfaces (even indirectly through the helper stuff I checked in to PythonScripts for 2.3.1) is more future-proof, in case the actual mechanics of protection change one day. > And, if the above is somehow bad or insecure, how would you use your > method to allow access to specific methods in a module, as in: > > import re > re.__allow_access_to_unprotected_subobjects__ = { > 'sub': 1, > } You can see a minimal example in the standard.py module in the PythonScripts package (though there is no helper shortcut for that method yet - there probably should be). Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] Import Libraries into Python Script
What's wrong with: import imaplib imaplib.__allow_access_to_unprotected_subobjects__ = 1 And, if the above is somehow bad or insecure, how would you use your method to allow access to specific methods in a module, as in: import re re.__allow_access_to_unprotected_subobjects__ = { 'sub': 1, } Itai Brian Lloyd wrote: >This needs to be documented (and made a little easier), but >heres a quick primer: > > > o Create a new directory in your 'Products' directory > (called ModuleAssertions or something like that - the > name is unimportant). > > o Create an '__init__.py' file in the new directory. > > o Add module assertions like the example below to __init__.py: > ># Site-wide module security assertions > >from AccessControl.SecurityInfo import ModuleSecurityInfo >import string > >def allow_module(module_name): > module = __import__(module_name) > sec_info=ModuleSecurityInfo(module) > sec_info.setDefaultAccess(1) > sec_info.apply(module.__dict__) > for part in string.split(module_name, '.')[1:]: > module=getattr(module, part) > sec_info=ModuleSecurityInfo(module) > sec_info.setDefaultAccess(1) > sec_info.apply(module.__dict__) > > ># Allow access to base64 module >allow_module('base64') > ># Allow access to imaplib >allow_module('imaplib') > > > o Restart Zope > > > > > >Brian Lloyd[EMAIL PROTECTED] >Software Engineer 540.371.6909 >Digital Creations www.digicool.com > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf >> Of Chris Withers >> Sent: Thursday, February 15, 2001 6:49 AM >> To: [EMAIL PROTECTED] >> Subject: [Zope-dev] Import Libraries into Python Script >> >> >> Hi, >> >> What's the 'approved' way of validating standard python modules >> so they can be >> imported in Python Scripts? >> >> I want to import imaplib but can't find out how :-( >> >> cheers, >> > > Chris -- -- Itai Tavor -- "Je sautille, donc je suis."-- [EMAIL PROTECTED]-- - Kermit the Frog -- -- "What he needs now is understanding... and a confederate victory" -- -- Dr. Jacobi, Twin Peaks -- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] Import Libraries into Python Script
This needs to be documented (and made a little easier), but heres a quick primer: o Create a new directory in your 'Products' directory (called ModuleAssertions or something like that - the name is unimportant). o Create an '__init__.py' file in the new directory. o Add module assertions like the example below to __init__.py: # Site-wide module security assertions from AccessControl.SecurityInfo import ModuleSecurityInfo import string def allow_module(module_name): module = __import__(module_name) sec_info=ModuleSecurityInfo(module) sec_info.setDefaultAccess(1) sec_info.apply(module.__dict__) for part in string.split(module_name, '.')[1:]: module=getattr(module, part) sec_info=ModuleSecurityInfo(module) sec_info.setDefaultAccess(1) sec_info.apply(module.__dict__) # Allow access to base64 module allow_module('base64') # Allow access to imaplib allow_module('imaplib') o Restart Zope Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations www.digicool.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of Chris Withers > Sent: Thursday, February 15, 2001 6:49 AM > To: [EMAIL PROTECTED] > Subject: [Zope-dev] Import Libraries into Python Script > > > Hi, > > What's the 'approved' way of validating standard python modules > so they can be > imported in Python Scripts? > > I want to import imaplib but can't find out how :-( > > cheers, > > Chris > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )