Re: [Zope] Using md5 with allow_module
Hi Andreas, On 1/8/08, Andreas Jung [EMAIL PROTECTED] wrote: Enough people have struggled with this that I'd like to understand it well enough to add something to the wiki for the next person who has the problem... There is an intriguing comment at the end of the page: http://wiki.zope.org/zope2/HowToAddModulesToRestrictedCode Yes, I saw that. I've been in this situation a couple of times before, and have not pursued the allow_modules() option because it was simple enough to create an external method. However, this seemed like a nice simple case where allow_modules() should work, so I wanted to get to the bottom of it and understand my previous problems. From what you say, the most useful comment I could add to the wiki would be to quote your original response that allow_module() does not work with all and everything and add my own conclusion that if allow_module() does not work in a given case it is not worth spending much troubleshooting time on. I'm happy to accept your advice that allow_modules() simply won't work in all cases - but that's the advice I wish I'd found in the wiki 24 hours ago... -- Cheers, Philip ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using md5 with allow_module
Running Clam wrote at 2008-1-7 21:10 +: I have a need to generate an md5 hash for an XML fragment generated by TTW Zope code. I thought I could do this with allow_module - I have a pseudo-product with an __init_,py that contains: - # Global module assertions for Python scripts from Products.PythonScripts.Utility import allow_module allow_module(md5) An allow_module allows import of the module and all its content. It does not in general allow to use the objects inside the module. For example, to use class instances for classes defined in the module, the class must provide its own security declarations which control in what way the instances can be used. In your case, the module contains special types. You need an allow_type for each of these types to be able to use them. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using md5 with allow_module
--On 7. Januar 2008 21:10:32 + Running Clam [EMAIL PROTECTED] wrote: Hi, I have a need to generate an md5 hash for an XML fragment generated by TTW Zope code. Error Type: Unauthorized Error Value: The container has no security assertions. Access to 'update' of (md5.md5 object at 0xb98ab00) denied. I'm basing this on: - http://www.zope.org/Documentation/Books/ZDG/current/Security.stx ...specifically the section entitled Utility Functions For Allowing Import of Modules By Through The Web Code. I thought I understood this, and have used it with other Python modules, but based on what is happening with the md5 module, I obvioulsy don't! FAQ! allow_module() does not work with all and everything. Use an external method or a browser view instead or move your code into your zope product code (if you have one). -aj pgp83PV2ymWMR.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using md5 with allow_module
Hi All, Sorry Andreas - I hit reply instead of reply-all, and sent my response only to you. Thanks for your reply. On 1/8/08, Andreas Jung [EMAIL PROTECTED] wrote: FAQ! Yes, there have been a good few questions about this - I spent a lot of time googling yesterday, and found a couple of threads where the questioner seems to have given up at this point. The problem seems to be that it works some of the time - I have another case where it works (pywintypes, FWIW). allow_module() does not work with all and everything. Use an external method or a browser view instead or move your code into your zope product code (if you have one). In this case, how could I know that allow_module() will not work with md5? IOW, how could I tell the difference between a module not being a candidate for allow_module() and an error in my own code? I understand that an external method or a product are my other choices, but I'm really uncomfortable about not understanding how I can tell when I can and when I cannot use allow_module() - at the moment, this feels horribly like trial and error coding! Enough people have struggled with this that I'd like to understand it well enough to add something to the wiki for the next person who has the problem... -- Cheers, Philip ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using md5 with allow_module
--On 8. Januar 2008 06:47:37 + Running Clam [EMAIL PROTECTED] wrote: I understand that an external method or a product are my other choices, but I'm really uncomfortable about not understanding how I can tell when I can and when I cannot use allow_module() - at the moment, this feels horribly like trial and error coding! Enough people have struggled with this that I'd like to understand it well enough to add something to the wiki for the next person who has the problem... There is an intriguing comment at the end of the page: http://wiki.zope.org/zope2/HowToAddModulesToRestrictedCode Andreas pgpci4wS9oRuE.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )