By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,621 Members | 1,104 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,621 IT Pros & Developers. It's quick & easy.

security

P: n/a
Hi to all.
I'm intristing in write a plugin for browsers that can execute python
code.
I know the main problem is security. Many thread were opened about this
in the ng.
I would know if fork python rewriting some library could avoid
problems. I.e. one problem is the possibility to access files. If I
rewrite the open() function so that raises exception if the program try
to access a file out of a defined directory.
I'm sure not a security expert, so please be patient if my question is
stupid.
Thanks to all.

Oct 25 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Mattia Adami a écrit :
Hi to all.
I'm intristing in write a plugin for browsers that can execute python
code.
I know the main problem is security. Many thread were opened about this
in the ng.
I would know if fork python rewriting some library could avoid
problems. I.e. one problem is the possibility to access files. If I
rewrite the open() function so that raises exception if the program try
to access a file out of a defined directory.
I'm sure not a security expert, so please be patient if my question is
stupid.
Thanks to all.


I'm not a security expert either, but you may want to have a look at the
way Zope 2.x handles this kind of restrictions for TTW scripts.

Oct 25 '05 #2

P: n/a
"Mattia Adami" <am*******@email.it> writes:
Hi to all.
I'm intristing in write a plugin for browsers that can execute python
code.
I know the main problem is security. Many thread were opened about this
in the ng.
I would know if fork python rewriting some library could avoid
problems. I.e. one problem is the possibility to access files. If I
rewrite the open() function so that raises exception if the program try
to access a file out of a defined directory.
I'm sure not a security expert, so please be patient if my question is
stupid.


People who *are* security experts have looked into modifying Python to
make it secure, and given up on the project as unrealistic. Generally,
taking an existing project that wasn't designed with security in mind
and making it secure is hard. Not impossible, but not easy.

You might consider using Jython and jythonc to produce objects to run
in the JVM. Not only was that designed with security in mind, but most
browsers come with a JVM already installed.

<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Oct 25 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.