I just want to run untrusted Python code using exec and I need this code to
be allowed to access few methods on few Plone portal tools, but nothing
would be accepted but:
would be forbidden.
I tried to use zope.security.untrustedpython and also I had a look in
zope.tales.expressions to understand how it works but I didn't succeed in
understanding how I can define what is authorized and what is forbidden.
Apparently it must be done using NamesChecker but I haven't found
documentation about it (I tried to copy/paste the unit tests but
What would you recommend ? What is the 'official' way to run an untrusted
python code with exec and control what this code can do or not ?
On 3/15/07, Andreas Jung <[EMAIL PROTECTED]> wrote:
--On 15. März 2007 16:33:56 +0100 Eric Bréhault <[EMAIL PROTECTED]>
> I am trying to build a safe proxy to wrap the Plone portal object in
> to control what is allowed or not.
You're trying to reinvent the Zope security machinery?
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -