Untrusted python code

Hi, I have an application for which I want users to be able to make
themes.
I've planned a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?
Sep 23 '07 #1
Thomas Dybdahl Ahle <lo****@gmail.com> writes:
> Hi, I have an application for which I want users to be able to make
> themes.
> I've planned a rather advanced model (in xml), which gives themes the
> option to redefine various drawing methods.
> Now I don't want those themes to be able to take over the current user,
> but I'd still like the scripts to be able to import stuff like math.
> Is there a way to ensure no IO and other dangerous stuff is done?

No. There used to be something called rexec/bastion but it was
removed because it was insecure.

You might look at http://webpy.org which is a web kit written in
Python, that has its own sandboxed interpreter for a Python-like
user templating language, for doing what you're doing.

You could also consider using something like client side XSLT.
Sep 23 '07 #2
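
An added example, not part of either post and not web.py's code: one way to follow the reply's suggestion of a restricted Python-like language instead of running theme code. It parses a theme expression with `ast` and interprets only an allow-listed arithmetic subset with a few `math` functions; the names `eval_theme_expr`, `ThemeExprError`, the allow-lists and the limits are assumptions made for illustration.

```python
import ast
import math
import operator

# Constructed allow-lists: the only operators and names a theme expression may use.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt,
         "min": min, "max": max, "abs": abs}
CONSTS = {"pi": math.pi}
MAX_LEN = 120                    # reject oversized input before parsing
MAX_BASE, MAX_EXP = 10**6, 64    # bound "**" so it cannot exhaust CPU or memory


class ThemeExprError(ValueError):
    """Raised for anything outside the allowed expression subset."""


def eval_theme_expr(source, variables):
    """Evaluate an arithmetic theme expression without eval() or exec()."""
    if len(source) > MAX_LEN:
        raise ThemeExprError("expression too long")
    try:
        return _walk(ast.parse(source, mode="eval").body, variables)
    except ThemeExprError:
        raise
    except (SyntaxError, ArithmeticError, ValueError, TypeError) as exc:
        raise ThemeExprError("cannot evaluate: %s" % exc) from exc


def _walk(node, variables):
    # Numbers only: strings, bytes, booleans and None are rejected below.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.Name) and (node.id in variables or node.id in CONSTS):
        return variables.get(node.id, CONSTS.get(node.id))
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        left, right = _walk(node.left, variables), _walk(node.right, variables)
        if isinstance(node.op, ast.Pow) and (abs(left) > MAX_BASE or abs(right) > MAX_EXP):
            raise ThemeExprError("power operands too large")
        return BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand, variables))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in FUNCS and not node.keywords):
        return FUNCS[node.func.id](*[_walk(arg, variables) for arg in node.args])
    # Attribute access, subscripts, lambdas, comprehensions, imports and so on.
    raise ThemeExprError("disallowed syntax: " + type(node).__name__)
```

The host application passes drawing parameters such as `{"width": 100}` as `variables`; because the theme text is never compiled or executed as Python, it can reach only the functions the application placed in the allow-list.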
