On 20 Nov 2007, at 00:15 , Chris Withers wrote:
Philipp von Weitershausen wrote:
On 19 Nov 2007, at 20:26 , Chris Withers wrote:
So, I'm guessing RestrictedPython is the one to aim for?
No idea what you need...

It seems like zope.security does exactly what you need (e.g. user code shouldn't have to import anything as long as you pass proxied objects).

Indeed, but how do you prevent importing and insecure builtins like "open" without RestrictedPython?

Well, they can only use the builtins you give them, right? And the 'import' statement can be influenced with import hooks, AFAIK. I don't knwo this for sure, though, so maybe you do need RestrictedPython after all.

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to