Re: [Zope] re module through the web security

2000-09-08 Thread Dan L. Pierson

Evan Simpson writes:
  Ah, but I was sneaky and went and updated it just before posting ;-)  You do
  have to follow a link or two, but it isn't hard to find (any more).

Thanks a lot!  That'll teach me not to refresh the page when I check
back :-)  It now answers all my questions.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-07 Thread Dan L. Pierson

Evan Simpson writes:
  Fear not.  In the brand new shiny PythonMethods Product coming soon
  (really!) to a Zope near you, you will have the ability to say:
  
  ModuleSecurityInfo('re').protect('compile', 'Use the "re" module')
  
  ...and suddenly anyone to whom you grant 'Use the "re" module' permission
  will be able to 'from re import compile' in their Python Methods.  Anyone
  else will be able to 'import re', but not access any of its contents.

Thank you!  I was going to follow Chris McDonough's suggestion and add
something to the Wiki about this but your solution is just perfect.
Of course I have a couple of questions since I couldn't find any
mention of this in the Wiki:

Does this work for any module or just a semi-safe subset?

How are submodules handled?  Just put the full path in the
ModuleSecurityInfo call?  Can you grant permissions for all children
of a parent module (scary!)?


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-07 Thread Evan Simpson

From: Dan L. Pierson [EMAIL PROTECTED]
 Does this work for any module or just a semi-safe subset?

 How are submodules handled?  Just put the full path in the
 ModuleSecurityInfo call?  Can you grant permissions for all children
 of a parent module (scary!)?

http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/GuardedImport

...is a good place to start learning about this.  Any module can be made
available -- it's up to the Zope administrator (or Product author) to decide
what they can safely expose, under what terms.

Cheers,

Evan @ digicool  4-am


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-07 Thread Dan L. Pierson

Evan Simpson writes:
  From: Dan L. Pierson [EMAIL PROTECTED]
   Does this work for any module or just a semi-safe subset?
  
   How are submodules handled?  Just put the full path in the
   ModuleSecurityInfo call?  Can you grant permissions for all children
   of a parent module (scary!)?
  
  http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/GuardedImport

I looked there.  It says something about how import restrictions will
be implemented but nothing at all about what the limitations will be
or what the syntax for interacting with the restriction mechanism will 
be.  For example, your email is the only reference I can find to
ModuleSecurityInfo. 

  ...is a good place to start learning about this.  Any module can be made
  available -- it's up to the Zope administrator (or Product author) to decide
  what they can safely expose, under what terms.

That seems reasonable.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-07 Thread Evan Simpson

From: Dan L. Pierson [EMAIL PROTECTED]
   http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/GuardedImport

 I looked there.

Ah, but I was sneaky and went and updated it just before posting ;-)  You do
have to follow a link or two, but it isn't hard to find (any more).

Cheers,

Evan @ digicool  4-am


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Chris Withers

Chris McDonough wrote:
 There's the perception at DC that
 're' isn't appropriate for through-the-web usage because it's possible to
 write and use regex that sends the Python interpreter thread it's
 operating within into a neverending loop.  Sorry.

Am I the only one who thinks this is silly?

One of Zope's key strengths is its granular security, right?
So why isn't it the reponsibility of the site
designer/maintainer/owner/whatever to ensure that only people he trusts
have the ability to write DTML?

It seems like that perception is hobbling Python Methods, in particular,
by removing useful stuff like the re module because the assumption is
being made that people editing TTW code will be untrusted.

IMH(umble), either you don't have confidence in Zope's security, or
you're assuming your users are stupid (that may be fair for a lot of us,
but still ;-)

Comments? :-)

Chris

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Jens Vagelpohl

i for my part think it makes sense. not just from a security standpoint
(think of those sites that allow members who are not necessarily hand-picked
to write DTML or attempt to do so) but also from a knowledge level
standpoint. who wants their site crashed just because the new programmer
doesn't know how to use that re functionality correctly?

looking back at all the products and projects i have been involved in i did
not have to use the re module a single time.

as you know, you can still use the whole module in zope code that resides on
the filesystem, like in products or in external methods. i'd rather be
inconvenienced once every few months than basically invite denial of service
attacks.

jens



 
 Jens Vagelpohl

 The VW Type 4 on the Web:
 http://www.type4.org
 

on 9/6/00 5:43, Chris Withers at [EMAIL PROTECTED] wrote:

 Chris McDonough wrote:
 There's the perception at DC that
 're' isn't appropriate for through-the-web usage because it's possible to
 write and use regex that sends the Python interpreter thread it's
 operating within into a neverending loop.  Sorry.
 
 Am I the only one who thinks this is silly?
 
 One of Zope's key strengths is its granular security, right?
 So why isn't it the reponsibility of the site
 designer/maintainer/owner/whatever to ensure that only people he trusts
 have the ability to write DTML?
 
 It seems like that perception is hobbling Python Methods, in particular,
 by removing useful stuff like the re module because the assumption is
 being made that people editing TTW code will be untrusted.
 
 IMH(umble), either you don't have confidence in Zope's security, or
 you're assuming your users are stupid (that may be fair for a lot of us,
 but still ;-)
 
 Comments? :-)
 
 Chris


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Tino Wildenhain

Hi,

Chris Withers wrote:
 
 Chris McDonough wrote:
  There's the perception at DC that
  're' isn't appropriate for through-the-web usage because it's possible to
  write and use regex that sends the Python interpreter thread it's
  operating within into a neverending loop.  Sorry.
 
 Am I the only one who thinks this is silly?
 
 One of Zope's key strengths is its granular security, right?
 So why isn't it the reponsibility of the site
 designer/maintainer/owner/whatever to ensure that only people he trusts
 have the ability to write DTML?
 
 It seems like that perception is hobbling Python Methods, in particular,
 by removing useful stuff like the re module because the assumption is
 being made that people editing TTW code will be untrusted.
 
 IMH(umble), either you don't have confidence in Zope's security, or
 you're assuming your users are stupid (that may be fair for a lot of us,
 but still ;-)
 
 Comments? :-)
 
I think the granularity could be finer. If one could give some users
access to more 'riscy' modules and some not, it schould be sufficient.

I schould write a proposal for thru the web python products... *g*

Greetings
Tino

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Chris McDonough

On Wed, 6 Sep 2000, Chris Withers wrote:

 Chris McDonough wrote:
  There's the perception at DC that
  're' isn't appropriate for through-the-web usage because it's possible to
  write and use regex that sends the Python interpreter thread it's
  operating within into a neverending loop.  Sorry.
 
 Am I the only one who thinks this is silly?

Probably not.

 
 One of Zope's key strengths is its granular security, right?
 So why isn't it the reponsibility of the site
 designer/maintainer/owner/whatever to ensure that only people he trusts
 have the ability to write DTML?

It is.

 
 It seems like that perception is hobbling Python Methods, in particular,
 by removing useful stuff like the re module because the assumption is
 being made that people editing TTW code will be untrusted.

TTW people are implicitly untrusted.  This is core to the security model.

 
 IMH(umble), either you don't have confidence in Zope's security, or
 you're assuming your users are stupid (that may be fair for a lot of us,
 but still ;-)

I dont think either statement is true.  It is because there are
restrictions that Zope TTW scripting is "safe."   It's
designed to be more safe than expressive.

Chris McDonough
Digital Creations, Publishers of Zope
http://www.zope.org


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Evan Simpson

From: Chris Withers [EMAIL PROTECTED]
 One of Zope's key strengths is its granular security, right?
 So why isn't it the reponsibility of the site
 designer/maintainer/owner/whatever to ensure that only people he trusts
 have the ability to write DTML?

Fear not.  In the brand new shiny PythonMethods Product coming soon
(really!) to a Zope near you, you will have the ability to say:

ModuleSecurityInfo('re').protect('compile', 'Use the "re" module')

...and suddenly anyone to whom you grant 'Use the "re" module' permission
will be able to 'from re import compile' in their Python Methods.  Anyone
else will be able to 'import re', but not access any of its contents.

Cheers,

Evan @ digicool  4-am


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Dan L. Pierson

Chris Withers writes:
  Chris McDonough wrote:
   There's the perception at DC that
   're' isn't appropriate for through-the-web usage because it's possible to
   write and use regex that sends the Python interpreter thread it's
   operating within into a neverending loop.  Sorry.

[snip]

  It seems like that perception is hobbling Python Methods, in particular,
  by removing useful stuff like the re module because the assumption is
  being made that people editing TTW code will be untrusted.

I think the re module is a good example for arguing that DTML and
Python Methods should have different criteria for deciding what
modules are available (and separate permissions for users, if they
don't already).

Somehow, the idea of mixing regexps and DTML gives me chills, but I
agree that it is a perfectly reasonable tool to want to use in Python Methods.
This relates more the crusade to depricate DTML programming as opposed 
to DTML report writing than it does to security concerns.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




RE: [Zope] re module through the web security

2000-09-06 Thread Chris McDonough

If you're concerned about the availability of various modules within
PythonMethods, you should participate in the PythonMethods project wiki,
probably at the page
http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/CurrentIssues.

 -Original Message-
 From: Dan L. Pierson [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 06, 2000 10:14 AM
 To: Chris Withers
 Cc: Chris McDonough; T.J. Mannos; Marcus Mendes; [EMAIL PROTECTED]
 Subject: Re: [Zope] re module  through the web security
 
 
 Chris Withers writes:
   Chris McDonough wrote:
There's the perception at DC that
're' isn't appropriate for through-the-web usage because 
 it's possible to
write and use regex that sends the Python interpreter thread it's
operating within into a neverending loop.  Sorry.
 
 [snip]
 
   It seems like that perception is hobbling Python Methods, 
 in particular,
   by removing useful stuff like the re module because the 
 assumption is
   being made that people editing TTW code will be untrusted.
 
 I think the re module is a good example for arguing that DTML and
 Python Methods should have different criteria for deciding what
 modules are available (and separate permissions for users, if they
 don't already).
 
 Somehow, the idea of mixing regexps and DTML gives me chills, but I
 agree that it is a perfectly reasonable tool to want to use 
 in Python Methods.
 This relates more the crusade to depricate DTML programming 
 as opposed 
 to DTML report writing than it does to security concerns.
 
 ___
 Zope maillist  -  [EMAIL PROTECTED]
 http://lists.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists - 
  http://lists.zope.org/mailman/listinfo/zope-announce
  http://lists.zope.org/mailman/listinfo/zope-dev )
 

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] re module through the web security

2000-09-06 Thread Bill Anderson

Evan Simpson wrote:
 
 From: Chris Withers [EMAIL PROTECTED]
  One of Zope's key strengths is its granular security, right?
  So why isn't it the reponsibility of the site
  designer/maintainer/owner/whatever to ensure that only people he trusts
  have the ability to write DTML?
 
 Fear not.  In the brand new shiny PythonMethods Product coming soon
 (really!) to a Zope near you, you will have the ability to say:
 
 ModuleSecurityInfo('re').protect('compile', 'Use the "re" module')
 
 ...and suddenly anyone to whom you grant 'Use the "re" module' permission
 will be able to 'from re import compile' in their Python Methods.  Anyone
 else will be able to 'import re', but not access any of its contents.


Now THAT! Rocks!

--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )