Hello, Thank you for your answer Dieter.
Indeed, I have been looking in all the restricted interpreter things. I have been reading zope\security\untristedinterpreter.txt, and I think it is probably what I need. The thing is I don't know how to produce a security proxy which would allow any 'get' access and forbide any 'set' access. I understand I have to use ProxyFactory, but I don't understand how I can configure my own Checker that would grant the access policy I want. If anybody have some knowledge about it, any help would be appreciated. Thanks On 3/6/07, Dieter Maurer <[EMAIL PROTECTED]> wrote:
Eric Bréhault wrote at 2007-3-5 13:14 +0100: >I have build a Plone product which allows users to enter a piece of Python >code. >This way, users can easily define their own actions without changing the >product source code. > >Those pieces of code are executed using the exec Python command. I would instead use TALES expressions of type python. There are restricted -- which is very essential if you cannot fully trust your users. -- Dieter
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )