eval to dict problems NEWB going crazy !

Ant antroy at gmail.com
Mon Jul 10 10:44:52 EDT 2006


> As Fredrik points out, embedded Python isn't the same as running
> untrusted code. The reality is, Python has not been designed for running
> untrusted code safely.

So how do Python apps typically embed Python? For example things like
Zope and IDLE are scripted using Python - presumably they restrict the
execution of the scripts to a restricted set of modules/objects - but
how is this done?

Perhaps IDLE doesn't require safety from untrusted code, but surely
Zope does. So there must be some way of executing arbitrary untrusted
code in an app within some kind of sandbox...



