Python & Zope

kosh at aesaeion.com kosh at aesaeion.com
Tue Oct 9 21:11:36 EDT 2001 

Designing the webpages of tomorrow http://webme-eng.com
Designing the MMORPGS of tomorrow http://worldforge.org

On Tue, 9 Oct 2001 jonathan.2.wilkinson at bt.com wrote:

> Anyone,
>
> I'm trying to do this incredibly simple python script in zope: -
>
> myfile = open('myfile', 'w')
> myfile.write('hello\n')
> myfile.close()

What you have here is a security problem which zope will not allow
directly. Inside zope python scripts run in a restricted execution
environment which forbids many commands. If you want to do this it needs
to be done in an external method. Zope tends to be extremely secure
through a combination of fell though out access features and not allowing
this kind of code to be written inside zope.

Think of it this way since code like that is forbidden in zope if someone
cracks into your zope instance they can't then use that access to zope to
crack through to the filesystem since you can't access the filesystem from
inside zope. If you want to access the filesystem you need a python
product or a external method both of which reside on the filesystem
already and it is up to you to secure the holes you punch in the system
like that. However zope will also help with that in that is provides a
very nice security framework as discussed in the zope developers guide on
the zope homepage in the documentation section.

Zope first tries to protect itself from breakins and it does that through
the access lists so that even getting one part does not get you
everythying. If that is compromised zope then tries to protect the host
computer so that even if zope should get cracked they are locked into an
environment where they can't get to the host os which I feel is very
important. At least in that case all I would have to deal with the problem
is copy over a backup up Data.fs file and restart zope and the problem
would be fixed.

>
> It works from a python interpreter fine......but when I try to test it I get
>
>
> Error Type: NameError
> Error Value: global name 'open' is not defined
> Any ideas how to read/write a text file in zope using python?????Can it be
> done?
> Any other methods of writing and reading randomly (well structured sort of
> way, but from anywhere within the file) in zope??
>
> Please help,
> Regards,
> Jono
>
>
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>

More information about the Python-list mailing list