embedding/parsing script
Carl Banks
imbosol at vt.edu
Mon Dec 9 15:00:16 EST 2002
Gumuz wrote:
> Hi all,
>
> I would like to integrate some kind of scripting capability into my python
> app. See it like this: i have a text document where i want to embed some
> simple script between 'tags'. for example i have 'folder-objects' which can
> contain folders and 'page-objects'. a page object has a headline and a
> textcontent property. i imagine it something like this:
>
> -------------------------
> welcome,
> this is my page, this is the content of this page.
>
> these are the pages in folder ###:
> <pyScript>
> for X in FolderID:
> print X.HeadLine
> </pyScript>
>
> end of file
> ---------------------------
>
> How would one go about doing this. I don't want to give my users the full
> power of python, because then they could stop the app or delete objects etc.
> I want to give them limited scripting capability with a python-like syntax.
> all suggestions are welcome as i have absolutely no clue hoe to begin
> something like this.
Look at the documentation for the rexec module; it probably does what
you're asking for.
However, I highly doubt that rexec is rated safe enough to allow
arbitrary people to execute scripts as root. If that's what your
application does, I highly recommend you find a way to run the scripts
without root privledges. I agree with the suggestion that it might be
better to use a program designed with this in mind. Security is a
very difficult and complex issue, and easy to mess up.
OTOTH, if the scripts are always run by the user, at his or her own
privledge level, then I would say your concerns about users
interrupting the program and deleting files are misplaced. The users
couldn't do anything with Python that they couldn't do anyways. I
would just use exec.
--
CARL BANKS
More information about the Python-list
mailing list