Re: some issues: msg#00092

web.zope.plone.archetypes.devel

Subject: Re: some issues

On Saturday 21 June at 18:29, Christian Scholz wrote:
> Hi there!
>
> I have some issues with Archetypes I'd like to discuss. So here they are:
>
> 2. In the transformations I've seen editable paths to executables used to
> convert certain documents. I don't think of this as being very secure if you
> imagine people using a site hosted on other people's servers. Basically I
> guess they can execute any program as the zope user (which might even be
> root on some systems).

That's true. Anyway, transforms are Python modules on the server's file
system, so sysadmins have control over which transformations they are
allowing. It's possible to remove dangerous transformations or to fix
the executable path and make it non-configurable. But you're right,
this issue should be well documented, and maybe dangerous
transformations should go in a place where they can't be imported, so
a manual step is required to enable them.

> Have a nice weekend (hope you all have sun, too)!

Too much sun for me in Paris! I wish I had a swimming pool in my flat ;)

--
Sylvain Thénault LOGILAB, Paris (France).

http://www.logilab.com http://www.logilab.fr http://www.logilab.org
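
Added example, not part of the original message and not Archetypes code: one way to apply the mitigation discussed in the reply, where site users can only pick a logical tool name and the executable path is pinned in a module on the server's file system. The tool names, paths, and the names `ALLOWED_BINARIES`, `resolve_binary`, `run_transform` and `TransformDisabled` are hypothetical; an empty mapping gives the "manual step to enable" behaviour.

```python
import os
import stat
import subprocess

# Assumption: tool names and paths below are illustrative. The mapping lives in
# a module on the server's file system, so only a sysadmin can change it.
ALLOWED_BINARIES = {
    "pdftohtml": "/usr/bin/pdftohtml",
    "lynx": "/usr/bin/lynx",
}


class TransformDisabled(Exception):
    """Raised when a transform asks for a binary the sysadmin has not pinned."""


def resolve_binary(name, allowed=None):
    """Map a logical tool name to its pinned absolute path, or refuse."""
    allowed = ALLOWED_BINARIES if allowed is None else allowed
    # Site-supplied values are names only; anything path-like is rejected
    # before lookup so "/bin/sh" or "../x" can never select a program.
    if not isinstance(name, str) or os.sep in name or name not in allowed:
        raise TransformDisabled("binary not enabled: %r" % (name,))
    path = allowed[name]
    if not os.path.isabs(path):
        raise TransformDisabled("pinned path must be absolute: %r" % (path,))
    try:
        st = os.stat(path)
    except OSError:
        raise TransformDisabled("pinned binary missing: %r" % (path,))
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IXUSR:
        raise TransformDisabled("not an executable file: %r" % (path,))
    # A binary other local users can overwrite is as bad as an editable path.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise TransformDisabled("binary is group/world writable: %r" % (path,))
    return path


def run_transform(name, args, data, allowed=None, timeout=30):
    """Run a pinned converter on `data` (bytes) and return its stdout."""
    path = resolve_binary(name, allowed)
    proc = subprocess.run(
        [path] + list(args),          # argument list, never a shell string
        input=data, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        env={"PATH": "/usr/bin:/bin"}, timeout=timeout, check=True,
    )
    return proc.stdout
```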


