On 20 Nov 2007, at 00:15 , Chris Withers wrote:
Philipp von Weitershausen wrote:
On 19 Nov 2007, at 20:26 , Chris Withers wrote:
It seems like zope.security does exactly what you need (e.g. user
code shouldn't have to import anything as long as you pass proxied
So, I'm guessing RestrictedPython is the one to aim for?
No idea what you need...
Indeed, but how do you prevent importing and insecure builtins like
"open" without RestrictedPython?
Well, they can only use the builtins you give them, right? And the
'import' statement can be influenced with import hooks, AFAIK. I don't
knwo this for sure, though, so maybe you do need RestrictedPython
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -