No :-)
I just want to run untrusted Python code using exec and I need this code to
be allowed to access few methods on few Plone portal tools, but nothing
else.
For instance:
portal_membership.getMemberById(id).getProperty('email')
would be accepted but:
portal_membership.addMember()
would be forbidden.I tried to use zope.security.untrustedpython and also I had a look in zope.tales.expressions to understand how it works but I didn't succeed in understanding how I can define what is authorized and what is forbidden. Apparently it must be done using NamesChecker but I haven't found documentation about it (I tried to copy/paste the unit tests but unsuccessfully...). What would you recommend ? What is the 'official' way to run an untrusted python code with exec and control what this code can do or not ? Thanks, Eric BREHAULT On 3/15/07, Andreas Jung <[EMAIL PROTECTED]> wrote:
--On 15. März 2007 16:33:56 +0100 Eric Bréhault <[EMAIL PROTECTED]> wrote: > Hello, > > I am trying to build a safe proxy to wrap the Plone portal object in order > to control what is allowed or not. You're trying to reinvent the Zope security machinery? -aj
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
