Alternatives to XML?

Marko Rauhamaa marko at pacujo.net
Thu Aug 25 01:59:46 EDT 2016


"Frank Millman" <frank at chagford.com>:
> If I store the business rule in Python code, how do I prevent
> untrusted users putting malicious code in there? I presume I would
> have to execute the code by calling eval(), which we all know is
> dangerous. Is there another way of executing it that I am unaware of?

This is a key question.

A couple of days back I stated the principle that a programming language
is better than a rule language. That principle is followed by
PostScript printers, Java applets, web pages with JavaScript, emacs
configuration files etc. The question is how do you get the desired
benefits without opening the door to sabotage. You have to shield CPU
usage, memory usage, disk access, network access etc.

You can google for solutions with search terms such as "python sandbox",
"linux sandbox" and "linux container sandbox".


Marko
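
An added example, not part of the original thread: for rules that are plain expressions, one alternative to `eval()` is to parse the untrusted text with `ast` and evaluate only whitelisted node types, with size caps bounding CPU and memory use. `eval_rule`, `RuleError`, the sample variable names and the limits are hypothetical; rules written as general Python code still need the OS-level sandboxing the post points to.

```python
import ast
import operator

# Whitelisted operators. Calls, attribute access, subscripts, lambdas,
# comprehensions and ** (unbounded CPU/memory) are all rejected.
_BIN = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}
MAX_SOURCE, MAX_NODES = 500, 100  # assumed caps on parse and evaluation cost

class RuleError(Exception):
    """Raised for any rule that is malformed or uses a disallowed construct."""

def eval_rule(source, variables):
    """Evaluate an untrusted rule expression against a dict of variables."""
    if len(source) > MAX_SOURCE:
        raise RuleError("rule too long")
    try:
        tree = ast.parse(source, mode="eval")
        if sum(1 for _ in ast.walk(tree)) > MAX_NODES:
            raise RuleError("rule too complex")
        return _ev(tree.body, variables)
    except (SyntaxError, ValueError, TypeError, ZeroDivisionError,
            OverflowError, RecursionError, MemoryError) as exc:
        raise RuleError("invalid rule") from exc

def _ev(node, env):
    if isinstance(node, ast.Constant) and type(node.value) in (int, float, bool, str):
        return node.value
    if isinstance(node, ast.Name) and node.id in env:
        return env[node.id]          # only names the caller supplied
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN:
        left, right = _ev(node.left, env), _ev(node.right, env)
        if isinstance(left, str) or isinstance(right, str):
            raise RuleError("string arithmetic not allowed")  # blocks 'a' * 10**9
        return _BIN[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.Not, ast.USub)):
        val = _ev(node.operand, env)
        return (not val) if isinstance(node.op, ast.Not) else -val
    if isinstance(node, ast.BoolOp):
        vals = (_ev(v, env) for v in node.values)  # lazy, so it short-circuits
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.Compare) and all(type(o) in _CMP for o in node.ops):
        left = _ev(node.left, env)
        for op, comp in zip(node.ops, node.comparators):
            right = _ev(comp, env)
            if not _CMP[type(op)](left, right):
                return False
            left = right
        return True
    raise RuleError(f"{type(node).__name__} not allowed")
```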


