How about this for the TODO list for ExternalFile:

Create a facility whereby ExternalFiles must be created
within a set of allowed directory(ies), specified in


For example:
# helpful comment goes here
/     # allow everything

/home/webserver/public  # public stuff
/archive/repository/    # read only dir full of downloaded PDFs
/space/temp             # temporary area for testing

c:\Documents And Settings  # docs dir

- the create dialog will list the current set of allowed directories,
but not allow changes (changes must be done by hand to the txt file)

- there is no default for allowedDirectories.txt
I will ship it with no entries,
meaning that the product is effectively disabled by default

- If no directory is set, ExternalFile.py will raise an Exception at
Zope startup time, indicating that at least one allowdir must be set
The exception report will include appropriate instructions



Martijn Pieters wrote:
On Thu, Nov 07, 2002 at 11:24:35AM -0500, Craeg K Strong wrote:

What would you recommend?  Perhaps there should be
a predefined list of "forbidden" directories for ExternalFiles?
The problem is that-- in the development scenario-- the
very things you mention below might be what you
legitimately *want* to do as a developer.

'Jail' the base directory. Files can only be referenced within the jail.
Relative paths outside the jail are forbidden. This is what FTP and web
servers do, and so should ExternalFiles. A full path (starting with a '/')
then starts at the base directory.

The base directory should not be configurable through the web. Rather, use
an environment variable. Only one directory is needed, as files that need to
be accessible can be copied or symlinked.

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )

Reply via email to