import question

[Chris Angelico]

On Fri, Nov 19, 2021 at 3:00 PM Dan Stromberg <drsalists at gmail.com> wrote:
>
>
> On Thu, Nov 18, 2021 at 6:19 PM Chris Angelico <rosuav at gmail.com> wrote:
>>
>> On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsalists at gmail.com> wrote:
>> >
>> >
>> > On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <rosuav at gmail.com> wrote:
>> >>
>> >> If you're trying to make a Python-in-Python sandbox, I recommend not.
>> >> Instead, use an OS-level sandbox (a chroot, probably some sort of CPU
>> >> usage limiting, etc), and use that to guard the entire Python process.
>> >> Python-in-Python will basically *never* be secure.
>> >
>> >
>> > Good advice to not try to sandbox python.
>> >
>> > But chroot can sometimes be broken out of.  It isn't a cure-all.
>> >
>>
>> That's true, but it's way better than attempting Python-in-Python
>> sandboxing. In any case, all the options worth investigating will be
>> at the OS level.
>>
>> (Or maybe higher, but I can't imagine it being practical to create
>> individual VMs for each client who comes to the web site.)
>
>
> Actually, there are ports of CPython and Micropython that run inside a web browser over WASM.  Going with one of these might be safer.
>

Hmm, interesting point. I'd mentally ruled out the in-browser options
since the performance hit is usually far too costly, but if this is
basically an educational site, it MAY be sufficient (people won't need
spectacular performance when they're just learning the basics).

ChrisA