473,326 Members | 2,111 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Untrusted python code

Hi, I have an application for which I want users to be able to make
themes.
I've planed a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?
Sep 23 '07 #1
1 1223
Thomas Dybdahl Ahle <lo****@gmail.comwrites:
Hi, I have an application for which I want users to be able to make
themes.
I've planed a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?
No. There used to be something called rexec/bastion but it was
removed because it was insecure.

You might look at http://webpy.org which is a web kit written in
Python, that has its own sandboxed interpreter for a Python-like
user templating language, for doing what you're doing.

You could also consider using something like client side XSLT.
Sep 23 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Jim Dabell | last post by:
I'm in the middle of writing a small app for Linux that needs to create directories that take their names from untrusted data. If possible, I'd like to preserve special characters rather than...
9
by: Jim Washington | last post by:
I'm still working on yet another parser for JSON (http://json.org). It's called minjson, and it's tolerant on input, strict on output, and pretty fast. The only problem is, it uses eval(). It's...
0
by: Logu | last post by:
Hi, I am getting Untrusted Webserver in if i am adding exisiting Asp.net project in windows 2000 server.. Pl guide me.. Thanks Logu...
5
by: Devan L | last post by:
Is there any safe way to create an instance of an untrusted class without consulting the class in any way? With old-style classes, I can recreate an instance from another one without worrying about...
3
by: King Ron | last post by:
Ola all: I had a call from a client yesterday. She reports that when attempting to connect to a AC2002 mdb backend on a remotely shared pc (mapped locally as \\Server\Users) she suddenly began...
0
by: Ben | last post by:
Hello, I've been developing apps in Delphi for years and have just started writing my first big project in c# + ms .net and have some questions about security and untrusted code. I've got an...
4
by: Joseph Gruber | last post by:
Ok, so I'm about to go nuts. Here's the background -- My Documents is redirected to a network location and My Documents is an offline folder. So my projects location is located in my (network) My...
2
by: Andrey Fedorov | last post by:
Is the scope of a closure accessible after it's been created? Is it safe against XSS to use closures to store "private" auth tokens? In particular, in... ....can untrusted code access...
9
by: Emanuele D'Arrigo | last post by:
I noticed that this issue has been discussed in this newsgroup periodically over the years and I seem to understand that - comprehensive- safe/restricted execution of untrusted code in python is...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.