"Safe" Embedded Python

Gerhard Häring gh_pythonlist at gmx.de
Tue Jan 1 15:32:37 EST 2002


On 01/01/02 at 12:16, Hervey Wilson wrote:
> I am contemplating embedding Python in my application in order to support end-user scripting. Having done some initial
> investigation, I am happy with the functionality that I can expose but now I find myself concerned with safety /
> security, specifically I want to limit scripting activities to the core language features and the object model that my
> application exposes. Put another way, I don't want the scripts to be able to read / write to the hard-disk, open sockets
> and so on.
> 
> Can anyone provide some tips / links on the viability of doing this
> and any implementation examples ?

I've never done this myself, but I can give a few tips:

The rexec module might offer most of what you need.

You'll need to restrict the modules users can import and remove some
builtins, like with:

del __builtins__.__dict__['open']

The rexec module probably already offers this, I haven't checked.

In the PostgreSQL source tree (http://www.postgresql.org/) you can find
plpython, a module for implementing server-side Python procedures for
the PostgreSQL database. I have seen it restricts the modules you can
load.

Gerhard
-- 
mail:   gerhard <at> bigfoot <dot> de       registered Linux user #64239
web:    http://www.cs.fhm.edu/~ifw00065/    OpenPGP public key id 86AB43C0
public key fingerprint: DEC1 1D02 5743 1159 CD20  A4B6 7B22 6575 86AB 43C0
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))
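
The approach suggested in the message above (restrict importable modules, drop builtins such as `open`), as an added example that is not from the post, rexec or plpython: the script gets its own builtins dict, so the host keeps `open`, which limits the names a script can reach rather than forming a complete isolation boundary. Assumptions: Python 3 (where rexec does not exist), the two allowlists, and the hypothetical names `guarded_import`, `make_namespace` and `run_script`.

```python
import builtins

# Assumed policy for this example: the builtins and modules the host exposes.
ALLOWED_BUILTINS = ("abs", "bool", "dict", "enumerate", "float", "int", "len",
                    "list", "max", "min", "range", "str", "sum", "tuple")
ALLOWED_MODULES = frozenset({"math", "cmath"})


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for __import__ that only loads allowlisted top-level modules."""
    if level != 0 or name.split(".")[0] not in ALLOWED_MODULES:
        raise ImportError("import of %r is not permitted" % name)
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_namespace(app_objects):
    """Build the globals for a script: curated builtins plus host objects."""
    safe = {n: getattr(builtins, n) for n in ALLOWED_BUILTINS}
    # The import statement looks up __import__ in the script's own builtins.
    safe["__import__"] = guarded_import
    ns = {"__builtins__": safe}
    ns.update(app_objects)
    return ns


def run_script(source, app_objects=None):
    """Execute script text in the curated namespace and return that namespace."""
    ns = make_namespace(app_objects or {})
    exec(compile(source, "<user-script>", "exec"), ns)
    return ns


if __name__ == "__main__":
    # Constructed sample script using only the exposed object model and math.
    out = run_script("import math\nresult = int(math.sqrt(total)) + len(items)",
                     {"total": 16, "items": [1, 2, 3]})
    print(out["result"])
```
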



