rexec.py unuseable

Evan Simpson evan at 4-am.com
Tue Dec 16 11:09:01 EST 2003


Michael Chermside wrote:
> At any rate, you get the idea. Capabilities are possible in Python
> only if some sort of "restricted mode" is created, which restricts
> access to some built-in abilities and which creates "restricted"
> objects with some private data and limited introspection. But IF
> you had these things (and they're NOT trivial), then capabilities
> may be a conceptually more elegant approach than ACLs, leading to
> more elegant programs.

Yep -- Zope 2 creates exactly this sort of environment for untrusted
code, and uses a security approach similar in some ways to capabilities.
Most of the time, if you don't have permission to use the 'write'
method of an object, you simply aren't allowed access to the method. If
you can get access to an object, you can call it (usually).

http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/CapabilityBasedSecurity
describes a proposed capability-based security model for Zope 3.

Cheers,

Evan @ 4-am
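
The following is an added example, not part of the original post and not Zope's code. It sketches the idea discussed above in plain Python: a facet that hands out only `read`, and why, without a restricted mode that limits introspection, the wrapped object is still reachable. All names (`make_read_facet`, `has_write_access`, `recover_target`, `demo`) are hypothetical.

```python
import io


def make_read_facet(target):
    """Return an object that exposes only target.read (a read 'capability')."""
    class ReadFacet:
        __slots__ = ()  # no instance attributes to hang the target on

        def read(self, *args):
            return target.read(*args)

    return ReadFacet()


def has_write_access(obj):
    """Capability-style check: holding the method reference is the permission."""
    return callable(getattr(obj, "write", None))


def recover_target(facet):
    """Unrestricted Python lets any holder inspect closure cells, so the
    private reference inside the facet can be read back out. A restricted
    mode has to block exactly this kind of introspection."""
    cells = type(facet).read.__closure__ or ()
    for cell in cells:
        return cell.cell_contents
    return None


def demo():
    # Constructed sample object standing in for a protected resource.
    resource = io.StringIO("payroll data")
    facet = make_read_facet(resource)
    return {
        "facet_can_read": facet.read() == "payroll data",
        "resource_has_write": has_write_access(resource),
        "facet_has_write": has_write_access(facet),
        "introspection_leaks_target": recover_target(facet) is resource,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
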





