Philipp von Weitershausen wrote:
Indeed, but how do you prevent importing and insecure builtins like
"open" without RestrictedPython?
Well, they can only use the builtins you give them, right?
Hmm, not sure what you mean by this? How do you choose what builtins to
give them?
And the
'import' statement can be influenced with import hooks, AFAIK.
ut surely your untrusted python script could then just go and undo those
same hooks?
I don't
knwo this for sure, though, so maybe you do need RestrictedPython after
all.
I have a feeling I do, but I'd like to check ;-)
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
