Re: [Zope-dev] urllib not available in Python Scripts?
Ken Manheimer wrote: > > The benefit of having an explicit name for "enable" is marginal, but would > become significant if there were other access modes besides ENABLE and > DISABLE - eg, "ENABLE_METHODS", "ENABLE_ATTRIBUTES", etc... I'm sure Brian said this kind of thing was "a good thing" a while back too :-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
Evan Simpson wrote:
>From: "Itai Tavor" <[EMAIL PROTECTED]>
>> > import urllib
>> > urllib.__allow_access_to_unprotected_subobjects__ = 1
>
>> Ok, this is simple enough, and it works. But... it opens access to
>> everything in urllib.
>
>For now, the best way is to use a dictionary of names, like this:
>
> import urllib
> urllib.__allow_access_to_unprotected_subobjects__ = {
> 'quote': 1, 'unquote': 1,
> }
>
>Cheers,
>
>Evan @ digicool & 4-am
Thanks! Nice and simple.
The moral of this story is, you got to know what to ask :-)
--
Itai Tavor"Je sautille, donc je suis."
C3Works[EMAIL PROTECTED] - Kermit the Frog
"If you haven't got your health, you haven't got anything"
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
From: "Itai Tavor" <[EMAIL PROTECTED]>
> > import urllib
> > urllib.__allow_access_to_unprotected_subobjects__ = 1
> Ok, this is simple enough, and it works. But... it opens access to
> everything in urllib.
For now, the best way is to use a dictionary of names, like this:
import urllib
urllib.__allow_access_to_unprotected_subobjects__ = {
'quote': 1, 'unquote': 1,
}
Cheers,
Evan @ digicool & 4-am
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
Evan Simpson wrote:
>From: "Itai Tavor" <[EMAIL PROTECTED]>
>> The reason I could do urllib.quote in Python Methods was that I
>> implemented the MoreBuiltins trick someone described here a while
>> ago.
>
>That would be me :-)
Ok ,then, thank you for it :-)
> > Is there anything that can be done so that adding modules continues
>> to work?
>
>Sure. Since you've already got a MoreBuiltins module, that's probably a
>fine place to put this. In MoreBuiltins/__init__.py (or a brand new Product
>directory of your choice) put the following lines:
>
> import urllib
> urllib.__allow_access_to_unprotected_subobjects__ = 1
>
>...and similarly if you want to declare other modules PS-importable. As of
>2.3, the proper way to do this will be:
>
> from AccessControl import ModuleSecurityInfo
> ModuleSecurityInfo('urllib').setDefaultAccess(1)
Ok, this is simple enough, and it works. But... it opens access to
everything in urllib. I played around a bit and found that I can't do
any harm with urlopen because I still don't have access to URLopener
objects. But urlretrieve does work, and I can imagine being able to
do some damage with it. MoreBuiltins selected a subset of urllib
methods to make available for Python Methods - can that be done for
Python Scripts?
--
Itai Tavor"Je sautille, donc je suis."
C3Works[EMAIL PROTECTED] - Kermit the Frog
"If you haven't got your health, you haven't got anything"
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
On Sat, 16 Dec 2000, Evan Simpson wrote:
> From: "Itai Tavor" <[EMAIL PROTECTED]>
> [...]
> Sure. Since you've already got a MoreBuiltins module, that's probably a
> fine place to put this. In MoreBuiltins/__init__.py (or a brand new Product
> directory of your choice) put the following lines:
>
> import urllib
> urllib.__allow_access_to_unprotected_subobjects__ = 1
>
> ...and similarly if you want to declare other modules PS-importable. As of
> 2.3, the proper way to do this will be:
>
> from AccessControl import ModuleSecurityInfo
> ModuleSecurityInfo('urllib').setDefaultAccess(1)
I wonder whether that ought to be something like:
from AccessControl import ModuleSecurityInfo, ENABLE_ACCESS
ModuleSecurityInfo('urllib').setDefaultAccess(ENABLE_ACCESS)
?
The benefit of having an explicit name for "enable" is marginal, but would
become significant if there were other access modes besides ENABLE and
DISABLE - eg, "ENABLE_METHODS", "ENABLE_ATTRIBUTES", etc...
Ken Manheimer
[EMAIL PROTECTED]
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
From: "Itai Tavor" <[EMAIL PROTECTED]>
> The reason I could do urllib.quote in Python Methods was that I
> implemented the MoreBuiltins trick someone described here a while
> ago.
That would be me :-)
> Is there anything that can be done so that adding modules continues
> to work?
Sure. Since you've already got a MoreBuiltins module, that's probably a
fine place to put this. In MoreBuiltins/__init__.py (or a brand new Product
directory of your choice) put the following lines:
import urllib
urllib.__allow_access_to_unprotected_subobjects__ = 1
...and similarly if you want to declare other modules PS-importable. As of
2.3, the proper way to do this will be:
from AccessControl import ModuleSecurityInfo
ModuleSecurityInfo('urllib').setDefaultAccess(1)
Cheers,
Evan @ digicool & 4-am
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
Evan Simpson wrote: >From: Itai Tavor <[EMAIL PROTECTED]> >> In Python Methods I could do urllib.quote(...). This doesn't work in >> Python Scripts. Is quote considered a security risk? > >No, but only the modules available to DTML are importable by default. You >would need to provide security declarations in order to import anything from >urllib. I seem to be practicing FUD on myself... The reason I could do urllib.quote in Python Methods was that I implemented the MoreBuiltins trick someone described here a while ago. It added a bunch of modules to TemplateDict, making them available to Python Methods. That was a set-and-forget kind of thing, so I forgot it :-) So the questions I should have asked are: 1) Why can't we have urllib in Python Scripts - and you answered that, and 2) Why doesn't the MoreBuiltins trick work with Python Scripts? The new Guarded.py seems to only pick selected modules from TemplateDict, so the extra modules are ignored. Is there anything that can be done so that adding modules continues to work? I don't understand what you mean by providing security declarations - that doesn't sound like something I can do myself - without hacking the Python Scripts code, that is. Itai -- Itai Tavor"Je sautille, donc je suis." C3Works[EMAIL PROTECTED] - Kermit the Frog "If you haven't got your health, you haven't got anything" ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
Itai Tavor writes: > In Python Methods I could do urllib.quote(...). This doesn't work in > Python Scripts. Is quote considered a security risk? "quote" not, but maybe "urllib". Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] urllib not available in Python Scripts?
From: Itai Tavor <[EMAIL PROTECTED]> > In Python Methods I could do urllib.quote(...). This doesn't work in > Python Scripts. Is quote considered a security risk? No, but only the modules available to DTML are importable by default. You would need to provide security declarations in order to import anything from urllib. Cheers, Evan @ digicool & 4-am ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] urllib not available in Python Scripts?
Hi, sorry for the recent barrage of posts... In Python Methods I could do urllib.quote(...). This doesn't work in Python Scripts. Is quote considered a security risk? Itai -- Itai Tavor"Je sautille, donc je suis." C3Works[EMAIL PROTECTED] - Kermit the Frog "If you haven't got your health, you haven't got anything" ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
