Using python for writing models: How to run models in restricted python mode?
vinjvinj
vinjvinj at gmail.com
Mon Nov 7 21:55:07 EST 2005
I'm more worried about incompetent users then malicious users. I'm
going to take the following steps:
1. My users will be paying a decent amount of money to run models on
the compute grid. If they are intentionaly writing malicious code then
their account will be disabled.
2. Since their models will be fairly basic.
- No imports in the code.
- No special charters allowed.
- No access to special builtins.
The users write functions which get called man many times with
different variables. I'm not sure how this would work with the rexec
module especially since I'll be passing values to th functions and the
functions will be returning either None, yes, or False.
3. Pylint has a pretty cool way to write your onw custom plugins. You
can write custom handlers for each sort of available node at:
http://www.python.org/doc/current/lib/module-compiler.ast.html
this will allow me to compile a module and give users feedback on what
is wrong and what is not allowed.
4. I'll set up a test sandbox where the models will be run with a
smaller dataaset before then can be pushed into production. if the
models pass the sandbox test then they will be run in production.
I'm going to have write some custom performance monitoring functions to
get notified when some models are running for ever and be able to
terminate them.
vinjvinj
More information about the Python-list
mailing list