Try Python!
Michael Tobis
mtobis at gmail.com
Wed Mar 29 18:45:08 EST 2006
We had some discussion of this in the edu-sig meeting at PyCon.
I alleged that I had read that there is no such thing as a Python
sandbox. Others claimed that one could simply preprocess and disallow
"dangerous" constructs. My allegation was based on an argument from
authority; I recalled reading the assertion from one of the c.l.p.
regulars that I consider authoritative, though I don't remember which
(Frederick, Alex, Aahz perhaps?).
This is all in relation to why the rexec module went away, and is
certainly relevant to what can be achieved in the sphere of teaching
with python in general, and teaching python with python in particular.
I refer you in particular to these messages from BDFL:
http://mail.python.org/pipermail/python-dev/2002-December/031246.html
http://mail.python.org/pipermail/python-dev/2002-December/031251.html
So what is the scoop? Why does Guido say there is no such thing as a
secure Python, and (as is generally reasonable) presuming he is correct
on the matter, how can these sites work safely?
thanks
mt
More information about the Python-list
mailing list