[Edu-sig] Interactive tutorial
Dethe Elza
delza@alliances.org
Fri, 08 Jun 2001 16:35:11 -0700
on 01/6/8 05:06 PM, Chris Meyers at cmeyers@guardnet.com wrote:
> 06/08/2001 6:23:21 PM, Dustin Mitchell <dustin@cs.uchicago.edu> wrote:
>
>> Just a warning: this is asking for trouble. Even with rexec, imagine
>> typing 'while 1: pass' and clicking 'eval'. There's countless security
>> problems with putting something like this on a server. They're all
>> soluble, but you'd better be sure you spotted *all* of them :-)
>
> You're right of course. A lot can be avoided by having a dedicated
> server cpu (if you hang it up, no HUGE deal), a controlled import
> path, special class for "open", and a thread to act as a timer for
> the above problem. We should brainstorm other possibilities to
> plug. Finally a "break me" contest for Jeff's students ;-)
Or we could revive the Python plugin and run code locally in the browser
(which would also allow some really powerful web-applications to be built
around it). Unfortunately, this would require a LOT more work.
--
Dethe Elza
Chief Mad Scientist
Burning Tiger Technologies
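
An added example, not part of the original message or of any project discussed in the thread: the 'while 1: pass' case from the exchange above, handled by running each submission in a separate interpreter process under both a CPU-time cap and a wall-clock timeout. The names `run_submission` and `_cpu_cap` and the limit values are assumptions chosen for illustration; this bounds runaway code only and does not restrict file or network access.

```python
import subprocess
import sys

try:
    import resource  # POSIX only; absent on Windows
except ImportError:
    resource = None


def _cpu_cap(cpu_seconds):
    """Build a hook that runs in the child just before exec and caps its CPU time."""
    def apply():
        # The soft limit delivers SIGXCPU; the hard limit one second later is SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
    return apply


def run_submission(source, wall_seconds=5.0, cpu_seconds=1):
    """Run untrusted source in a separate interpreter; return (status, stdout)."""
    # -I: isolated mode, ignores PYTHON* environment variables and the user site dir.
    cmd = [sys.executable, "-I", "-c", source]
    hook = _cpu_cap(cpu_seconds) if resource else None
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=wall_seconds, preexec_fn=hook)
    except subprocess.TimeoutExpired:
        # run() has already killed the child. This path catches code that sleeps
        # or blocks, which never reaches the CPU cap.
        return ("killed", "")
    if proc.returncode < 0:
        # A negative return code means the child died from a signal (e.g. SIGXCPU).
        return ("killed", proc.stdout)
    return ("ok" if proc.returncode == 0 else "error", proc.stdout)


if __name__ == "__main__":
    # Constructed sample submissions.
    for src in ("print(2 + 2)", "while 1: pass", "import time; time.sleep(60)", "1/0"):
        print(repr(src), "->", run_submission(src, wall_seconds=2.0))
```

The busy loop is stopped by the CPU cap and the sleeping script by the wall-clock timeout, which is why both limits are applied.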