Using python for writing models: How to run models in restricted python mode?
Steven D'Aprano
steve at REMOVEMEcyber.com.au
Mon Nov 7 21:30:51 EST 2005
vinjvinj wrote:
> While I understand 2 is very hard (if not impossible) to do in single
> unix process. I'm not sure why 1 would be hard to do. Since I have
> complete control to what code I can allow or not allow on my grid. Can
> i not just search for certain strings and disallow the model if it
> fails certain conditions. It might not be 100% secure but will it not
> get me at 90%...
You might be able to think of and disallow the most
obvious security holes, but how confident are you that
you will think of the bad code that your users will
think of?
Are you concerned about malicious users, or just
incompetent users?
I suspect your best bet might be to write a
mini-language using Python, and get your users to use
that. You will take a small performance hit, but
security will be very much improved.
What do others think?
--
Steven.
More information about the Python-list
mailing list