Another scripting language implemented into Python itself?
Orlando Vazquez
ovazquez at gmail.SPAM.com
Tue Jan 25 00:49:32 EST 2005
Jeff Shannon wrote:
snip
> Because you cannot make Python secure against a malicious (or ignorant)
> user -- there's too much flexibility to be able to guard against every
> possible way in which user-code could harm the system. Parsing your own
> (limited) scripting language allows much better control over what
> user-code is capable of doing, and therefore allows (at least some
> measure of) security against malicious code.
I don't see how that would equate to something that the original
programmer should be concerned about. You could include a bit in your
licensing scheme that voids all support on code that has been modified
in any way. You shouldn't be obligated and no one expects you to support
something the end-user has mucked with.
You could trivially enforce this by keeping checksums of all the system
files.
In any case, there's nothing you can really do to "secure" your code.
This is true of any language, C, C++, and especially scripting languages
like Python. Anyone who has the determination get at and modify the code
probably will.
The only time where I can see someone using another language in place of
Python for a scripting language is just domain-specific factors, e.g. if
you need the extension language to be easily used non-programmers.
Just a thought.
--
Orlando Vazquez
More information about the Python-list
mailing list