Chris Withers wrote:
> Chris McDonough wrote:
> > There's the perception at DC that
> > 're' isn't appropriate for through-the-web usage because it's possible to
> > write and use regex that sends the Python interpreter thread it's
> > operating within into a neverending loop.  Sorry.
> Am I the only one who thinks this is silly?
> One of Zope's key strengths is its granular security, right?
> So why isn't it the reponsibility of the site
> designer/maintainer/owner/whatever to ensure that only people he trusts
> have the ability to write DTML?
> It seems like that perception is hobbling Python Methods, in particular,
> by removing useful stuff like the re module because the assumption is
> being made that people editing TTW code will be untrusted.
> IMH(umble), either you don't have confidence in Zope's security, or
> you're assuming your users are stupid (that may be fair for a lot of us,
> but still ;-)
> Comments? :-)
I think the granularity could be finer. If one could give some users
access to more 'riscy' modules and some not, it schould be sufficient.

I schould write a proposal for thru the web python products... *g*


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to