[ZOPE] using re.compile(...) raises an HTTP401 (basic authencication) ??????

Gilles Lenfant glenfant.nospam at bigfoot.com
Thu May 3 06:45:31 EDT 2001

Many thanks M. Penfold...

But... curious behaviour, I don't see what kind of security issue may raise
from the re package. It does not play with OS features AFAIK.


"Penfold" <spam at spam.com> a écrit dans le message news:
tf0vf3m832ds2d at corp.supernews.com...
> PythonScript products in Zope run in a protected environment, similar to a
> Bastion environment.
> Basically, various things including attribute access is checked on the fly
> and verified by a SecurityManager.
> Your problem is that you are allowed to *import re* ... you're just not
> allowed to do anything with it ;-)
> ie  re.compile ends up calling __careful_get_attr(re, 'compile') and the
> securityManager says "NO!!"
> Check out the code in the PythonScript product if you want to see how this
> stuff works.
> Solutions ? Well, easiest is to create this as an External Python Script
> they can do anything they like.

More information about the Python-list mailing list