--On 24 January 2007 11:30:11 -0500 Tres Seaver <[EMAIL PROTECTED]> wrote:

Kirk Strauser wrote:
My company has a Zope server that has no editing rights for external
persons - only employees have management permissions. We also have a
company-specific hierarchy of several hundred Python modules that I'd
like to access from Zope. Rather than modifying each and every module
as per the instructions in the "Security" chapter of the ZDG, is there
a way to say "allow the import of any module inside this part of
$PYTHONPATH"?

Oh, for those curious: part of the reason for moving code from Zope
Python scripts and into filesystem code is that my company has
officially adopted Python as our new development platform for new
projects. I'm cranking out thousands of lines of code, and the Windows
guys are tweaking it to run under IronPython. The end goal is to have
a library of code that runs under Unix, Windows, Mac, or wherever else
we might want to explore, and then to write frontends to that library
in whatever seems appropriate to the task. For example, new web apps
will be written with Zope calling those modules. New GUI apps will be
written with Visual Studio calling those modules. Yay Zope and Python!
You're what broke us away from vendor lock-in!

The most straightforward hack to do what you want would be to
monkey-patch 'AccessControl.ZopeGuards.guarded_import', which is the
function that does the current checking.  Slightly less hackish would be
to mutate the security policy, whose 'validate' method is responsible
for checking the policy.  By default, Zope uses the 'C' version of the
security policy, which can't be monkey-patched.

However, your *best* bet is to implement your Zope applications as
filesystem-based products, rather than in "untrusted" code (Python
scripts).  At that point, the modules are easily importable.  You can
arrange for the filesystem products to expose any features which are
needed (e.g., by PageTemplates).




TrustedExecutables are possibly a solution if you don't have many concerns
about security issues.

-aj
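
Added example, not code from this thread or from Zope: one way to open a whole package tree to restricted code while leaving the import guard in place is to have trusted filesystem code enumerate the package and declare each module by name. The helper names and the `examplecorp` sample tree are constructed; the `declare` callback is an assumption standing in for `AccessControl.allow_module`, injected so the walk runs without Zope.

```python
import importlib
import os
import pkgutil
import sys
import tempfile


def allow_package(package_name, declare, skip=()):
    """Call declare(name) for a package and every module below it.

    declare is injected so the walk can be checked without Zope; in a
    filesystem product it would be AccessControl.allow_module (assumption).
    skip lists dotted prefixes that must stay closed to untrusted code.
    """
    def blocked(name):
        return any(name == s or name.startswith(s + ".") for s in skip)

    package = importlib.import_module(package_name)
    names = [package_name]
    # walk_packages imports subpackages (not plain modules) to read __path__;
    # that happens here in trusted code, before anything is declared.
    for info in pkgutil.walk_packages(package.__path__, package_name + "."):
        names.append(info.name)
    allowed = sorted(n for n in names if not blocked(n))
    for name in allowed:
        declare(name)
    return allowed


def build_sample_package(root):
    """Constructed sample tree used only to exercise allow_package."""
    for rel in ("examplecorp", "examplecorp/reports", "examplecorp/admin"):
        os.makedirs(os.path.join(root, rel))
        open(os.path.join(root, rel, "__init__.py"), "w").close()
    for rel in ("examplecorp/billing.py", "examplecorp/reports/pdf.py",
                "examplecorp/admin/secrets.py"):
        open(os.path.join(root, rel), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_package(root)
        sys.path.insert(0, root)
        declared = []
        allow_package("examplecorp", declared.append,
                      skip=("examplecorp.admin",))
        print(declared)
```

Every name declared this way becomes importable from through-the-web scripts, so the `skip` list is where modules that touch credentials, the filesystem or subprocesses should be kept out.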
