Re: [Zope] re module through the web security

2000-09-08 Thread Dan L. Pierson
Evan Simpson writes: Ah, but I was sneaky and went and updated it just before posting ;-) You do have to follow a link or two, but it isn't hard to find (any more). Thanks a lot! That'll teach me not to refresh the page when I check back :-) It now answers all my questions.

Re: [Zope] re module through the web security

2000-09-07 Thread Dan L. Pierson
Evan Simpson writes: Fear not. In the brand new shiny PythonMethods Product coming soon (really!) to a Zope near you, you will have the ability to say: ModuleSecurityInfo('re').protect('compile', 'Use the "re" module') ...and suddenly anyone to whom you grant 'Use the "re" module'

Re: [Zope] re module through the web security

2000-09-07 Thread Evan Simpson
From: Dan L. Pierson [EMAIL PROTECTED] Does this work for any module or just a semi-safe subset? How are submodules handled? Just put the full path in the ModuleSecurityInfo call? Can you grant permissions for all children of a parent module (scary!)?

Re: [Zope] re module through the web security

2000-09-07 Thread Dan L. Pierson
Evan Simpson writes: From: Dan L. Pierson [EMAIL PROTECTED] Does this work for any module or just a semi-safe subset? How are submodules handled? Just put the full path in the ModuleSecurityInfo call? Can you grant permissions for all children of a parent module (scary!)?

Re: [Zope] re module through the web security

2000-09-07 Thread Evan Simpson
From: Dan L. Pierson [EMAIL PROTECTED] http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/GuardedImport I looked there. Ah, but I was sneaky and went and updated it just before posting ;-) You do have to follow a link or two, but it isn't hard to find (any more). Cheers, Evan @

Re: [Zope] re module through the web security

2000-09-06 Thread Chris Withers
Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. Am I the only one who thinks this is silly?

Re: [Zope] re module through the web security

2000-09-06 Thread Jens Vagelpohl
i for my part think it makes sense. not just from a security standpoint (think of those sites that allow members who are not necessarily hand-picked to write DTML or attempt to do so) but also from a knowledge level standpoint. who wants their site crashed just because the new programmer doesn't

Re: [Zope] re module through the web security

2000-09-06 Thread Tino Wildenhain
Hi, Chris Withers wrote: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. Am I the

Re: [Zope] re module through the web security

2000-09-06 Thread Chris McDonough
On Wed, 6 Sep 2000, Chris Withers wrote: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry.

Re: [Zope] re module through the web security

2000-09-06 Thread Evan Simpson
From: Chris Withers [EMAIL PROTECTED] One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML? Fear not. In the brand new shiny

Re: [Zope] re module through the web security

2000-09-06 Thread Dan L. Pierson
Chris Withers writes: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. [snip] It

RE: [Zope] re module through the web security

2000-09-06 Thread Chris McDonough
:[EMAIL PROTECTED]] Sent: Wednesday, September 06, 2000 10:14 AM To: Chris Withers Cc: Chris McDonough; T.J. Mannos; Marcus Mendes; [EMAIL PROTECTED] Subject: Re: [Zope] re module through the web security Chris Withers writes: Chris McDonough wrote: There's the perception at DC

Re: [Zope] re module through the web security

2000-09-06 Thread Bill Anderson
Evan Simpson wrote: From: Chris Withers [EMAIL PROTECTED] One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML? Fear not. In