After Parrot, what next?
D-Man
dsh8290 at rit.edu
Mon Apr 16 11:37:47 EDT 2001
On Sat, Apr 14, 2001 at 12:58:24AM -0600, Andrew Dalke wrote:
| Mark 'Kamikaze' Hughes wrote:
| >In Python
| >programs, there's already a perfectly functional parser, so you can
| >re-use that as the scripting language, if you can trust the user to
| >write safe code. If you need a sandbox, OTOH, you have to write another
| >language, and you're back to the need for a parser.
|
| Sometimes rexec is good enough,
| http://python.sourceforge.net/devel-docs/lib/module-rexec.html
|
| Doesn't prevent certain types of denial-of-service attacks.
| Does Java have a way to prevent sandboxed code from, say,
| growing through all of memory?
I haven't used rexec stuff (in Python or Java) but I know that Java
limits heap size to begin with so "all memory" in Java can only refer
to the JVM's heap, not to all the actual memory in the machine.
We are using 'ant' for building at this job, and when using jdk1.1.8
the heap size needed to be increased on the java commandline or it
would run out of memory -- even though the machine had plenty left to
spare. (Since then we have found some bugs in 1.1.8 javac that won't
let it compile our code)
-D
More information about the Python-list
mailing list