Another scripting language implemented into Python itself?
Terry Reedy
tjreedy at udel.edu
Tue Jan 25 14:51:24 EST 2005
"Cameron Laird" <claird at lairds.us> wrote in message
news:bt6ic2-7dg.ln1 at lairds.us...
> The original poster wants to work in Python. That's
> fine. Several of us have suggested he further
> expose Python itself to his end-users as an extension
> language. That certainly is feasible. He needn't
> explain all of Python to those end-users--probably
> only a bit about "assignments", control structures,
> and maybe lists.
>
> That approach creates a sort of fragility, though.
> Python includes, along with much else, os.unlink().
> Suppose our original poster doesn't want end-users
> to be able to delete files (or directories ...).
I don't remember if the OP specified *where* the scripted application is to
be run. If on a server, then *any* language with loops is vulnerable to
malicious users. If on a person's own desktop machine, where one can run
'diskformat' or the equivalent, or pick up and drop the machine, then
worrying about Python security seems superfluous. Why worry, for instance,
about os.unlink when the user can just do the same much easier in a text or
gui shell?
Terry J. Reedy
More information about the Python-list
mailing list