Private variables
Erik Max Francis
max at alcyone.com
Fri Oct 18 22:14:34 EDT 2002
"Timothy J. Wood" wrote:
> My goal is to add scripting to a game engine that allows users to
> make their own game types in Python. Thus I want user to be able to
> package up their scripts and give them to other users with as few as
> possible (ideally zero) security concerns.
This isn't really a security issue unless people can dynamically install
Python scripts that execute on _other_ peoples' machines. Having a
scriptable engine doesn't mean that the scripts need to have security
protections in place, unless that engine will be running in some
entrusted location and untrusted scripts are what you plan to run.
If that is the case, then Python is really not a good choice; but then,
very few languages would be suitable. Even security conscious languages
usually can't protect you from mundane, malicious attacks, such as busy
wait loops, or allocating objects to fill up memory, or spawning
processes/threads to fill up process tables.
In Python, if you're interested in some restriction, look into the rexec
module. If security is utterly paramount, tread very, very carefully,
however.
--
Erik Max Francis / max at alcyone.com / http://www.alcyone.com/max/
__ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/ \ I love mankind; it's people I can't stand.
\__/ Charles Schultz
Alcyone Systems' CatCam / http://www.catcam.com/
What do your pets do all day while you're at work? Find out.
More information about the Python-list
mailing list