[ZOPE] using re.compile(...) raises an HTTP401 (basic authencication) ??????

Gilles Lenfant glenfant.nospam at bigfoot.com
Thu May 3 12:45:31 CEST 2001


Many thanks M. Penfold...

But... curious behaviour, I don't see what kind of security issue may raise
from the re package. It does not play with OS features AFAIK.

Gilles

"Penfold" <spam at spam.com> a écrit dans le message news:
tf0vf3m832ds2d at corp.supernews.com...
> PythonScript products in Zope run in a protected environment, similar to a
> Bastion environment.
> Basically, various things including attribute access is checked on the fly
> and verified by a SecurityManager.
>
> Your problem is that you are allowed to *import re* ... you're just not
> allowed to do anything with it ;-)
> ie  re.compile ends up calling __careful_get_attr(re, 'compile') and the
> securityManager says "NO!!"
>
> Check out the code in the PythonScript product if you want to see how this
> stuff works.
>
> Solutions ? Well, easiest is to create this as an External Python Script
...
> they can do anything they like.






More information about the Python-list mailing list