On Sat, Dec 20, 2003, Luke Kenneth Casson Leighton wrote:
On Sat, Dec 20, 2003 at 10:16:29AM -0500, Aahz wrote:
Supposedly there's a middle ground of untrusted but non-hostile code, but what's the point of providing support for that?
the example that i gave that was because i wanted to offer a subset of python functionality to end-users such that they could run DNS lookups, pings, check a web page existed, telnet to a box, run commands and check the output.
to some extent, i didn't care about things like __class__ because 1) the users weren't that bright. 2) the user's weren't that hostile.
Yup. By "what's the point?" I didn't mean that there were no use cases; the problem is that such cases are not frequent enough to justify the effort.
rexec fitted the requirements perfectly - and it still does: it's just been disabled and also changed into something that stops even the library functions from writing to log files. i couldn't even use the MySQLdb module which was kinda critical to the database-driven backend.
Well, you're free to maintain rexec as a separate project (or borrow from the still-maintained Zope system). But anything shipped as part of Python can't afford to assume your points 1) and 2). -- Aahz (aahz@pythoncraft.com) <*> http://www.pythoncraft.com/ Weinberg's Second Law: If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.