Sandboxes
Diez B. Roggisch
deets at nospam.web.de
Sat Aug 20 06:50:50 EDT 2005
> Would this sufficient? Are there any drawbacks or giant gaping holes?
> I'm anticipating that I'd also need to block 'exec' and 'eval' to
> prevent an import from being obfuscated past the pre-parse.
>
> Or is this a hopeless cause?
Yes. There have been numerous discussions about this, and there are so
many different ways to overcome such imposed limitations - it won't work.
>
> Finally, either way, would anyone recommend a different script engine
> that might be more suitable for what I'm trying to accomplish that I
> might not have looked at. I don't need much; it needs to work with C#,
> and be able to easily interact with 'published' interface. I'd also like
> to leverage a "popular" language instead of something obscure.
Maybe LUA? I only heard that it's well suited for such tasks.
The overall question for me is: Why crippled acess at all? What do you
fear your users could do that harms you or others? There are of coures
valid reasons, I don't question that generally. E.g. applets and the
like. So what is the actual usecase?
Regards,
Diez
More information about the Python-list
mailing list