Philipp von Weitershausen wrote:
Indeed, but how do you prevent importing and insecure builtins like "open" without RestrictedPython?


Well, they can only use the builtins you give them, right?

Hmm, not sure what you mean by this? How do you choose what builtins to give them?

And the 'import' statement can be influenced with import hooks, AFAIK.

ut surely your untrusted python script could then just go and undo those same hooks?

I don't knwo this for sure, though, so maybe you do need RestrictedPython after all.

I have a feeling I do, but I'd like to check ;-)

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to