embedding/parsing script

[Carl Banks]

Gumuz wrote:
> Hi all,
> 
> I would like to integrate some kind of scripting capability into my python
> app. See it like this: i have a text document where i want to embed some
> simple script between 'tags'. for example i have 'folder-objects' which can
> contain folders and 'page-objects'. a page object has a headline and a
> textcontent property. i imagine it something like this:
> 


> -------------------------
> welcome,
> this is my page, this is the content of this page.
> 
> these are the pages in folder ###:
> <pyScript>
> for X in FolderID:
>  print X.HeadLine
> </pyScript>
> 
> end of file
> ---------------------------
> 
> How would one go about doing this. I don't want to give my users the full
> power of python, because then they could stop the app or delete objects etc.
> I want to give them limited scripting capability with a python-like syntax.
> all suggestions are welcome as i have absolutely no clue hoe to begin
> something like this.

Look at the documentation for the rexec module; it probably does what
you're asking for.

However, I highly doubt that rexec is rated safe enough to allow
arbitrary people to execute scripts as root.  If that's what your
application does, I highly recommend you find a way to run the scripts
without root privledges.  I agree with the suggestion that it might be
better to use a program designed with this in mind.  Security is a
very difficult and complex issue, and easy to mess up.

OTOTH, if the scripts are always run by the user, at his or her own
privledge level, then I would say your concerns about users
interrupting the program and deleting files are misplaced.  The users
couldn't do anything with Python that they couldn't do anyways.  I
would just use exec.



-- 
CARL BANKS