-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Withers wrote: > Chris Withers wrote: >> I know we have security proxies nowadays and I'm hoping these have made >> things much more efficient that the old Zope 2 way of doing things >> (anyone have any ideas on this?) but is there still a way of running a >> piece of python in an environment where imports are controlled and >> "dangerous" builtins (ie: ones that would allow you to circumvent the >> security policy) are restricted? > > Okay, I see two potentially interesting things: > > http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/ > > and > > http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/ > > Are either of these still in use/maintained?
Both are. RestrictedPython is still used in Zope2. The 'untrustedpython' bit has lots of dependencies, and so is available as an "extra" for zope.security, e.g.: $ bin/easy_install --index-url=http://download.zope.org/zope3.4 \ zope.security[untrustedpython] My guess is that the dependency furball there needs untangling; however, that command line *does* get the pacakge installed. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHQa7u+gerLs4ltQ4RAkYyAJ9fNyKTueny8Uy3ArmpHJxsmlFZrwCffE31 av7nmTBBMR9j13QygW3rYVo= =3see -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )