No :-) I just want to run untrusted Python code using exec and I need this code to be allowed to access few methods on few Plone portal tools, but nothing else. For instance: portal_membership.getMemberById(id).getProperty('email') would be accepted but: portal_membership.addMember() would be forbidden.
I tried to use zope.security.untrustedpython and also I had a look in zope.tales.expressions to understand how it works but I didn't succeed in understanding how I can define what is authorized and what is forbidden. Apparently it must be done using NamesChecker but I haven't found documentation about it (I tried to copy/paste the unit tests but unsuccessfully...). What would you recommend ? What is the 'official' way to run an untrusted python code with exec and control what this code can do or not ? Thanks, Eric BREHAULT On 3/15/07, Andreas Jung <[EMAIL PROTECTED]> wrote:
--On 15. März 2007 16:33:56 +0100 Eric Bréhault <[EMAIL PROTECTED]> wrote: > Hello, > > I am trying to build a safe proxy to wrap the Plone portal object in order > to control what is allowed or not. You're trying to reinvent the Zope security machinery? -aj
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )