Alan Milligan wrote:
Hash: SHA1


This patch is against CMF-1.4.7, although one could equally argue it
better suited elsewhere - there appear to me to be minor uncomfortable
dependencies regardless of where it sits (unless it's made an
independent product - which seems a little unwarranted given it's

Dependency management is one of the main reasons for splitting packages. I note that the dependency is on Products.PerlMethod: is that product suitable for inclusion in the Zope core? And where does it live now?

This patch includes the following:
~   images/fspl.gif    (needs an artiste to draw a padlock!)
~   tests/
~   tests/fake_skins/fake_skin/
~   tests/fake_skins/fake_skin/
~  (FSPerlScript registration)

Unfortunately, FSPerlScript is not quite as useful as I'd anticipated,
given that the 'use' statement is a restricted opcode.
I am more than willing to discuss with any interested party(s) how we
may implement a security mechanism whereby we can specify 'safe' Perl
modules, much as we do with the Python modules_allow stuff.

There is a lot of infrastructure to support "safe imports" from Python modules; I imagine some of it would be at least reusable as a source of patterns:

  - $ZOPE_HOME/lib/python/AccessControl/ has a
    'guarded_import' function, which gets injected into the
    'safe_builtins' mapping as '__import__'.

  - It depends on assertions registered in the ModuleSecurityInfo
    helper in $ZOPE_HOME/lib/python/AccessControl/

Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to