Running insecure python code
Bob Ippolito
bob at redivi.com
Fri Mar 5 11:07:47 EST 2004
On 2004-03-04 16:04:25 -0500, kamikaze at kuoi.asui.uidaho.edu (Mark
'Kamikaze' Hughes) said:
> Bob Ippolito <bob at redivi.com>
> wrote on Fri, 27 Feb 2004 18:57:55 -0500:
>> You can try looking into PyPy or something. In practice, an
>> interpreter written in Python is probably going to be far too slow to
>> be used for any sort of modern game.
>
> You could translate your more limited scripting language into Python,
> and then eval it. This should be reasonably fast, and if you're careful
> not to pass unescaped strings from the player through to Python, it
> should be secure.
>
> For maximum fun, the limited scripting language should be a subset of
> Python.
You have to be awfully careful about resource consumption (long
strings, infinite loops, etc)...
It wouldn't be trivial to do correctly, let's leave it at that.
-bob
More information about the Python-list
mailing list