Sandboxes
Diez B. Roggisch
deets at nospam.web.de
Tue Aug 23 17:54:57 EDT 2005
> Basically I just want a language to allow users to write macros,
> interact with application objects, set property values, sequence
> operations, supporting loops and branch logic and so forth.
>
> Something along the lines of a drawing program that allowed uers to
> write and/or download scripts to perform batches of arbitrary
> (parameterized) operations.
>
> e.g.scripts along the lines of:
>
> function drawfan(x,y,r)
> i=45
> while (i<90)
> if i.isEven()
> color=red;
> else
> color=blue;
> PublishedInterface.Drawline(x,y, x+r*sin(i), y+r*cos(i),color)
> i++
> end while
>
> I want the 'worst case' a malicious script to be able to accompish to be
> a program crash or hang.
The you migth want to think about not criplling the language, but the
library - I'm not sure what has to be done to do that, but maybe these
lines of thought help more - the "usual" thing for restricted execution
was to provide it inside a otherwise fully working interpreter (like
ZOPE). But I might be mistaken.
Diez
More information about the Python-list
mailing list