[Edu-sig] Interactive tutorial

Chris Meyers cmeyers@guardnet.com
Fri, 08 Jun 2001 16:06:19 -0800


06/08/2001 6:23:21 PM, Dustin Mitchell <dustin@cs.uchicago.edu> wrote:

>
>Just a warning: this is asking for trouble.  Even with rexec, imagine
>typing 'while 1: pass' and clicking 'eval'.  There's countless security
>problems with putting something like this on a server.  They're all
>soluble, but you'd better be sure you spotted *all* of them :-)
>

You're right, of course. A lot can be avoided by having a dedicated
server CPU (if you hang it up, no HUGE deal), a controlled import
path, a special class for "open", and a thread to act as a timer for
the above problem. We should brainstorm other possibilities to
plug. Finally a "break me" contest for Jeff's students ;-)

Chris
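
An added example, not part of the original message: one way to contain the 'while 1: pass' case from this thread on a Unix server. It swaps the timer thread for a child interpreter with a wall-clock timeout plus a kernel CPU limit, and uses isolated mode for the import path. The limits and the name run_snippet are assumptions; file access ("open") is not restricted here.

```python
import resource
import subprocess
import sys

WALL_SECONDS = 3   # assumed wall-clock budget per submission
CPU_SECONDS = 1    # assumed CPU budget per submission


def _limit_child():
    # Runs in the child just before exec. The kernel enforces this cap
    # even if the parent never gets around to killing the child.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))


def run_snippet(source):
    """Run submitted code in a separate interpreter.

    Returns (status, output) where status is one of
    "ok", "error", "killed" (ended by a signal) or "timeout".
    """
    try:
        proc = subprocess.run(
            # -I: isolated mode, ignores PYTHON* variables and the
            # user site directory, so the import path is the stock one.
            [sys.executable, "-I", "-c", source],
            stdin=subprocess.DEVNULL,
            capture_output=True,
            text=True,
            timeout=WALL_SECONDS,     # catches sleeps and blocked I/O
            preexec_fn=_limit_child,  # catches busy loops
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed and reaped the child.
        return ("timeout", "")
    if proc.returncode < 0:
        return ("killed", "")
    if proc.returncode != 0:
        lines = proc.stderr.strip().splitlines()
        return ("error", lines[-1] if lines else "")
    return ("ok", proc.stdout)


if __name__ == "__main__":
    # Constructed sample submissions.
    for code in ("print(6 * 7)", "while 1: pass", "1/0"):
        print(repr(code), "->", run_snippet(code))
```

The web request that calls run_snippet still blocks for up to WALL_SECONDS, so the server needs a cap on concurrent evaluations as well.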