security

M

Mattia Adami

Hi to all.
I'm intristing in write a plugin for browsers that can execute python
code.
I know the main problem is security. Many thread were opened about this
in the ng.
I would know if fork python rewriting some library could avoid
problems. I.e. one problem is the possibility to access files. If I
rewrite the open() function so that raises exception if the program try
to access a file out of a defined directory.
I'm sure not a security expert, so please be patient if my question is
stupid.
Thanks to all.
 
M

Mike Meyer

Mattia Adami said:
Hi to all.
I'm intristing in write a plugin for browsers that can execute python
code.
I know the main problem is security. Many thread were opened about this
in the ng.
I would know if fork python rewriting some library could avoid
problems. I.e. one problem is the possibility to access files. If I
rewrite the open() function so that raises exception if the program try
to access a file out of a defined directory.
I'm sure not a security expert, so please be patient if my question is
stupid.
Click to expand...

People who *are* security experts have looked into modifying Python to
make it secure, and given up on the project as unrealistic. Generally,
taking an existing project that wasn't designed with security in mind
and making it secure is hard. Not impossible, but not easy.

You might consider using Jython and jythonc to produce objects to run
in the JVM. Not only was that designed with security in mind, but most
browsers come with a JVM already installed.

<mike
 
B

Bruno Desthuilliers

Mattia Adami a écrit :
Hi to all.
I'm intristing in write a plugin for browsers that can execute python
code.
I know the main problem is security. Many thread were opened about this
in the ng.
I would know if fork python rewriting some library could avoid
problems. I.e. one problem is the possibility to access files. If I
rewrite the open() function so that raises exception if the program try
to access a file out of a defined directory.
I'm sure not a security expert, so please be patient if my question is
stupid.
Thanks to all.
Click to expand...

I'm not a security expert either, but you may want to have a look at the
way Zope 2.x handles this kind of restrictions for TTW scripts.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Password validation security issue 19
Simple security between prototype iPhone app and SimpleHTTPServerREST service? 0
Javascript to Java Applet blocked by security baseline. 0
Security Exception 0
Security issue on Windows7 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
What should I do Before I give up programming? 6
Crunchy security advisory 1

Members online

Total: 40 (members: 1, guests: 39)
Robots: 160

Forum statistics

Threads
473,774
Messages
2,569,599
Members
45,163
Latest member
Sasha15427

Latest Threads

Top