471,318 Members | 1,865 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,318 software developers and data experts.

Untrusted python code

Hi, I have an application for which I want users to be able to make
themes.
I've planed a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?
Sep 23 '07 #1
1 1169
Thomas Dybdahl Ahle <lo****@gmail.comwrites:
Hi, I have an application for which I want users to be able to make
themes.
I've planed a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?
No. There used to be something called rexec/bastion but it was
removed because it was insecure.

You might look at http://webpy.org which is a web kit written in
Python, that has its own sandboxed interpreter for a Python-like
user templating language, for doing what you're doing.

You could also consider using something like client side XSLT.
Sep 23 '07 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Jim Dabell | last post: by
9 posts views Thread by Jim Washington | last post: by
reply views Thread by Logu | last post: by
reply views Thread by Ben | last post: by
4 posts views Thread by Joseph Gruber | last post: by
2 posts views Thread by Andrey Fedorov | last post: by
9 posts views Thread by Emanuele D'Arrigo | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.