Mark, Jonathan (Integic) wrote at 2007-1-26 10:29 -0500:
>I have an external method which uses eval(). I would like to prevent anyone 
>from calling this method from inside a URL, e.g., 
>myzopesite/myexternalmethod?myvar=deletemyfiles()
>
>Rather, I wish for only Zope objects such as Python Scripts to be able to call 
>this external method. Is there any way to turn off the publishing of external 
>methods to the web in Zope?

When you do not want that a object is called from the Web, you
have too options: give it a non 'None' 'index_hmtl' (then this
'index_html' is called and can tell that this object must not be called
directly) or give it an empty '__doc__'.

The ZMI does not give you a way to do this, but you can
do it in an interactive Python interpreter accessing your storage
directly (under *nix: "bin/zopectl debug").


-- 
Dieter
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to