killing thread ?
Tim Peters
tim.one at comcast.net
Fri Jan 24 18:06:05 EST 2003
[Jp Calderone]
> ...
> It is currently not possible to write a secure sandbox in
> Python. I'm not sure if you can call that a bug; it's certainly
> unfortunate.
[Tim]
> Just curious: does there exist a programming language in which it is
> possible [to] do this? If so, who guarantees it, and via what kind
> of validation process?
[Bjorn Pettersen]
> For the marketing version:
> http://java.sun.com/marketing/collateral/security.html
>
> insert-appropriate-smiley'ly y'rs
The original branch point for this thread was talking about
denial-of-service attacks, such as sucking up too much CPU. To Sun's
credit, near the bottom of the linked page they plainly say that Java's
protection against DOS is "weak"; heck, they even list 5 specific ways Java
applets can render host machines unusable, and it doesn't take much
imagination to dream up many more.
I don't expect JavaScript/ECMAScript is any better in this respect. For
that matter, I'm having a hard time imagining a *usable* programming
language that could be.
More information about the Python-list
mailing list