Martijn Faassen wrote:
> Stephan Richter wrote:
>> On Friday 10 April 2009, Jim Fulton wrote:
>>>> Unfortunately these are ZC's use cases.
>>> They are not just ZC's use cases.
>> Keas is relying on that safety heavily too. Anyone who wants to build a 
>> secure 
>> DSL based on Python really wants zope.security.
> 
> Okay, second case of such usage noticed.
> 
> One thing that worries me is that PyPy folks keep saying it probably 
> isn't really secure, though they refuse to specify why not when Chris 
> Withers tried to find out last year at EuroPython.

I suspect that's because Python allows anything by default; 
zope.security and RestrictedPython only provide a way to close known 
holes.  The security model of Javascript running in a browser is very 
similar, though, and that seems to be good enough for most people.

Shane
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to