diff --git a/product/ERP5Type/__init__.py b/product/ERP5Type/__init__.py
index 5d0a040540bcf1c3029b2306a415644d376fdc5c..8b29a1efa06fc6003ceb5759c1eb56e16db4c3d6 100644
--- a/product/ERP5Type/__init__.py
+++ b/product/ERP5Type/__init__.py
@@ -67,7 +67,7 @@ def initialize( context ):
   portal_tools = ( ClassTool.ClassTool,
                    CacheTool.CacheTool,
                    MemcachedTool.MemcachedTool,
-		   SessionTool.SessionTool )
+                   SessionTool.SessionTool )
   # Do initialization step
   initializeProduct(context, this_module, globals(),
                          document_module = Document,
@@ -90,10 +90,13 @@ def initialize( context ):
   initializeLocalDocumentRegistry()
 
 from AccessControl.SecurityInfo import allow_module
+from AccessControl.SecurityInfo import ModuleSecurityInfo
 
 allow_module('Products.ERP5Type.Cache')
-allow_module('Products.ERP5Type.Utils') # XXX this looks dangerous
-                                        # selected methods only should be allowed eg. cartesianProduct
+ModuleSecurityInfo('Products.ERP5Type.Utils').declarePublic(
+    'sortValueList', 'convertToUpperCase', 'convertToMixedCase',
+    'cartesianProduct', 'sleep')
+
 allow_module('Products.ERP5Type.Message')
 allow_module('Products.ERP5Type.Error')
 allow_module('Products.ERP5Type.Log')