[Python-Dev] Security capabilities in Python

Eyal Lotem eyal.lotem at gmail.com
Fri Apr 8 16:01:02 CEST 2005

I would like to experiment with security based on Python references as
security capabilities.

Unfortunatly, there are several problems that make Python references
invalid as capabilities:

* There is no way to create secure proxies because there are no
private attributes.
* Lots of Python objects are reachable unnecessarily breaking the
principle of least privelege (i.e: object.__subclasses__() etc.)

I was wondering if any such effort has already begun or if there are
other considerations making Python unusable as a capability platform?

(Please cc the reply to my email)

More information about the Python-Dev mailing list