modeling-users

[Modeling-users] ZModelizationTool: security warning

[Sebastien B. <sbi...@us...>]

        Hi all,

  While working on the ZModeler to enable the import of PyModels, I
  realized that it's never been clearly stated anywhere in the
  documentation that this product should not be left in a production
  environment, because it may constitute a security hole.

Since this tool is clearly dedicated to developers and has nothing to do
with runtime, I still consider that working on its security model is not
worth the effort.

  However, now that the PyModels can be imported into it (through an
  exec statement), these security considerations should be better
  advertised. As a consequence, the next release of the ZModeler will
  add security warnings in the add-form and on the 'Overview' page, and
  a zLOG message will be issued at startup, at the WARNING level, as a
  reminder for these security considerations.


-- S=E9bastien.

Re: [Modeling-users] ZModelizationTool: security warning

[SoaF-BSD <so...@la...>]

On Sunday 07 September 2003 15:07, Sebastien Bigaret wrote:
>         Hi all,
>
>   While working on the ZModeler to enable the import of PyModels

Hum quite fun but can we generate the PyModels w/ the ZModeler ? 
Cause ZModeler is a great tool to gain some time (as it's the only one) 


Bye Bye :) 

Re: [Modeling-users] ZModelizationTool: security warning

[Sebastien B. <sbi...@us...>]

SoaF-BSD <so...@la...> wrote:
> On Sunday 07 September 2003 15:07, Sebastien Bigaret wrote:
> >         Hi all,
> >
> >   While working on the ZModeler to enable the import of PyModels
>=20
> Hum quite fun but can we generate the PyModels w/ the ZModeler ?=20
> Cause ZModeler is a great tool to gain some time (as it's the only one)=20


  No, sorry. I thought a little about this and concluded that pymodels
  are soo easy to design that this was worth the effort ;) Seriously I
  do not have enough time for this, and I would need help prototyping
  this when we go for it.

BTW and for your information in the next release I'll integrate the
ability to dynamically create modules and packages from a model --with
the very same ability than the code generated with the
--compact-generation-scheme (default) option.

  With this, no more code generation needed, a model/pymodel alone only
  can be directly used:
=20=20
>>> # load the model & initialize the classes
... pymodel.register_create_modules()
>>> from Modeling.EditingContext import EditingContext
>>> ec=3DEditingContext()
>>> books=3Dec.fetch('Book')
>>> # import them as usual
... from AuthorBooks.Book import Book
>>> b=3DBook(title=3D'mon titre')
>>> ec.insert(b)
>>> ec.saveChanges()

  Of course this is also possible to use this to subclass these
  dynamically created classes for, e.g., adding validation methods.


-- S=E9bastien.