remote read eval print loop
Alister
alister.ware at ntlworld.com
Fri Aug 17 02:38:26 EDT 2012
On Fri, 17 Aug 2012 02:27:42 +0000, Steven D'Aprano wrote:
> On Fri, 17 Aug 2012 08:43:50 +1000, Chris Angelico wrote:
>
>> On Fri, Aug 17, 2012 at 6:54 AM, Eric Frederich
>> <eric.frederich at gmail.com> wrote:
>>> Hello,
>>>
>>> I have a bunch of Python bindings for a 3rd party software running on
>>> the server side.
>>> I can add client side extensions that communicate over some http / xml
>>> type requests.
>>> So I can define functions that take a string and return a string. I
>>> would like to get a simple read eval print loop working.
>>
>> Let's stop *right there*. You're looking for something that will run on
>> your server, take strings of text from a remote computer, and eval
>> them.
>>
>> Please, please, please, on behalf of every systems administrator in the
>> world I beg you, please do not do this.
>>
>> Instead, define your own high-level protocol
>
> Stop right there!
>
> There is already awesome protocols for running Python code remotely over
> a network. Please do not re-invent the wheel without good reason.
>
> See pyro, twisted, rpyc, rpclib, jpc, and probably many others.
I think you missed the main point of the previous post which was.
Do NOT blindly eval data sent from a remote computer as is cannot be
trusted. This of course is assuming they are not on a secure connection,
but even then it is good practice as not all attacks come from outside.
although i have to agree with you about not re-inventing wheels, they
invariably come out square :-)
--
<Kensey> RMS for President???
<RelDrgn> ...or ESR, he wants a new job ;)
More information about the Python-list
mailing list