Armin Rigo wrote:
feature implementations (like AST restrictions or manipulations), and I am more interested in solutions that work at the "semantic" level, i.e. at the level of the behavior of objects (like Zope's security proxies, PyPy's various object spaces, and (at a lower level) PyPy's sandboxing).
Well, this is good to hear :-)
If I have real critics about RestrictedPython it's that it's not Python at all - it's a seriously limited sublanguage.
I wonder how much of this is based on the problem I set in Vilnius? Because of the rough edges of RestrictedPython and the limited resources I had to get the challenge ready, I think the actual problem I set was a lot harder than I meant. Maciej was showing me that in the environment I specified, you couldn't even interate over a tuple of integers :-/
Now I'm sure there are use cases for such a thing,
In it's normal environment, the use case for Restricted Python is huge: - you don't need to create classes as you get all the objects you could want to manipulate from the result of the Zope environment - it's *really nice* having an environment where you can write python but where all the security checks are done for you without having to do explicit checks:
x.a Unauthorized: You are not allowed to access 'a'.
- it would be *really really nice* if such an environment prevented you chewing through excess memory and processing power, which RestrictedPython certainly doesn't offer... cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk