--- [EMAIL PROTECTED] wrote:
> I'm not familiar with ExternalFile, but likely plan
> to use it in the future.
> I think a list of expressly permitted directory
> locations (including all
> subdirectories) might be more secure.  You can't go
> wrong with a default
> directory for files (perhaps
> $INSTANCE_HOME/var/files or something?), but
> otherwise an implicit deny all - then leave it up to
> the user to edit some
> access list file in the product (for example, call
> it 'diraccess.txt').
> Does this seem reasonable?

Yeah that sounds reasonable to me.  

Jon


=====
------------------------------------------
 JONAGUSTINE LIM
 Email:   [EMAIL PROTECTED]
 ICQ:     2084238
------------------------------------------

__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to