Untrusted python code

  • Thread starter Thomas Dybdahl Ahle

Thomas Dybdahl Ahle

Hi, I have an application for which I want users to be able to make
themes.
I've planned a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?
 

Paul Rubin

Thomas Dybdahl Ahle said:
Hi, I have an application for which I want users to be able to make
themes.
I've planned a rather advanced model (in xml), which gives themes the
option to redefine various drawing methods.
Now I don't want those themes to be able to take over the current user,
but I'd still like the scripts to be able to import stuff like math.
Is there a way to ensure no IO and other dangerous stuff is done?

No. There used to be something called rexec/bastion but it was
removed because it was insecure.

You might look at http://webpy.org which is a web kit written in
Python, that has its own sandboxed interpreter for a Python-like
user templating language, for doing what you're doing.

You could also consider using something like client side XSLT.
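
One way to give themes arithmetic and a few math functions without running theme-supplied Python at all, in the spirit of the separate "Python-like" language suggested in the reply above: parse each expression with `ast` and evaluate only whitelisted node types. This is an added example, not part of the original thread and not web.py's code; `eval_theme_expr`, `ThemeExprError`, the whitelists and the size limits are hypothetical choices, and host-supplied variables are assumed to be plain numbers.

```python
import ast
import math
import operator

# Whitelists: anything not listed here is rejected, not merely discouraged.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
FUNCS = {name: getattr(math, name) for name in ("sin", "cos", "sqrt", "floor", "ceil")}
FUNCS.update(min=min, max=max, abs=abs)
CONSTS = {"pi": math.pi, "e": math.e}
MAX_SOURCE_LEN = 200                # bounds parse cost and nesting depth
MAX_BASE, MAX_EXPONENT = 10**6, 64  # bounds CPU/memory use of ** on big ints


class ThemeExprError(ValueError):
    """Raised for any construct outside the whitelist."""


def eval_theme_expr(source, variables=None):
    """Evaluate an arithmetic expression from a theme without eval()/exec()."""
    if len(source) > MAX_SOURCE_LEN:
        raise ThemeExprError("expression too long")
    names = dict(CONSTS, **(variables or {}))
    try:
        tree = ast.parse(source, mode="eval")  # expressions only, no statements
    except SyntaxError as exc:
        raise ThemeExprError("not a valid expression") from exc

    def walk(node):
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.Name) and node.id in names:
            return names[node.id]
        if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
            return UNARY_OPS[type(node.op)](walk(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
            left, right = walk(node.left), walk(node.right)
            if isinstance(node.op, ast.Pow) and (
                    abs(left) > MAX_BASE or abs(right) > MAX_EXPONENT):
                raise ThemeExprError("power operands too large")
            return BIN_OPS[type(node.op)](left, right)
        # Calls: only a bare whitelisted name, positional arguments only.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in FUNCS and not node.keywords):
            return FUNCS[node.func.id](*[walk(a) for a in node.args])
        raise ThemeExprError("disallowed syntax: " + type(node).__name__)

    return walk(tree.body)
```

Arithmetic failures such as division by zero or `sqrt` of a negative number still raise their usual exceptions, so the caller should catch those around each theme expression.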
 
