Another scripting language implemented into Python itself?
Lee Harr
lee at example.com
Tue Jan 25 17:57:16 EST 2005
>> That approach creates a sort of fragility, though.
>> Python includes, along with much else, os.unlink().
>> Suppose our original poster doesn't want end-users
>> to be able to delete files (or directories ...).
>
> I don't remember if the OP specified *where* the scripted application is to
> be run. If on a server, then *any* language with loops is vulnerable to
> malicious users. If on a person's own desktop machine, where one can run
> 'diskformat' or the equivalent, or pick up and drop the machine, then
> worrying about Python security seems superfluous. Why worry, for instance,
> about os.unlink when the user can just do the same much easier in a text or
> gui shell?
>
What if you were creating a program that used programmable modules
and wanted to let people safely share modules over the internet.
It would be nice to be able to say "downloaded modules are safe
to use. They can only do these things: x, y, z. They will not be
able to access or damage anything outside of the application"
More information about the Python-list
mailing list