Desactivating Python keywords and built-in functions
Benjamin Niemann
b.niemann at betternet.de
Fri Oct 8 17:20:52 CEST 2004
Andr? Roberge wrote:
> In short:
> Is there a simple way to desactivate Python keywords and built-in
> keywords [e.g. eval()]
>
> Longer description:
> I want to use a subset of Python as an embedded language and don't
> want the users to have access to the rest of the language. One
> approach I thought of using would be something along the following
> lines:
>
> read in the script for the user;
> scan for "forbidden" keywords or expression;
> if found, give an error message and stop;
> otherwise, let Python interpret the code.
>
> Before I jump and start coding, I thought I would ask people that know
> more about these things than me
> (which means probably 97.2% of the readership of comp.lang.python ;-)
In short:
there is no simple way :(
Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent hackers
will always find a way around your restrictions.
More information about the Python-list
mailing list