[Modeling-users] ZModelizationTool: security warning
Status: Abandoned
Brought to you by:
sbigaret
Menu
▾
▴
[Modeling-users] ZModelizationTool: security warning
|
From: Sebastien B. <sbi...@us...> - 2003-09-07 13:08:54
|
Hi all, While working on the ZModeler to enable the import of PyModels, I realized that it's never been clearly stated anywhere in the documentation that this product should not be left in a production environment, because it may constitute a security hole. Since this tool is clearly dedicated to developers and has nothing to do with runtime, I still consider that working on its security model is not worth the effort. However, now that the PyModels can be imported into it (through an exec statement), these security considerations should be better advertised. As a consequence, the next release of the ZModeler will add security warnings in the add-form and on the 'Overview' page, and a zLOG message will be issued at startup, at the WARNING level, as a reminder for these security considerations. -- S=E9bastien. |
