Running insecure python code
Noen
not.available at na.no
Fri Feb 27 16:39:36 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bob Ippolito wrote:
Perhaps writing a new script language using the builtin parser module
would solve the problems... Any pre-made scripting languages written in
python out in the wild?
| On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tjreedy at udel.edu> said:
|
|>
|> "Noen" <not.available at na.no> wrote in message
|> news:hQq%b.41604$BD3.8026233 at juliett.dax.net...
|>
|>> Im developing a game where the players will program their equipment with
|>> python. Are there any ways to run insecure code?
|>
|>
|> safely, without letting
|>
|> > clients mess with the server-code through their own code, or even DOS
|> the box
|>
|>> by using up too much memory.
|>
|>
|> There have been several threads on this topic. Quick answer: nothing as
|> good as you would want. Stackless, with its tasklets, may be your
|> best bet
|> once updated to run with 2.3.3.
|
|
| Even with stackless, you're not going to be able to stop them from using
| "too much memory". Besides, you can't stop a determined and experienced
| python hacker from getting ANYTHING (even if it's written in C) ;)
|
| Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS HEAD,
| and I believe windows binaries are even available. Of course,
| documentation is lacking, and we're planning to do quite a bit of stuff
| during the sprints next month.. but it's good enough to use if you
want to.
|
| -bob
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAP7kZ9vKlXPxSchIRAnFEAJ9hyB2zj54ZWvm4xyCaXwMk+xeQAQCdGEqB
4uZcunGZf7tO1xqS78QER8Q=
=dFNj
-----END PGP SIGNATURE-----
More information about the Python-list
mailing list