killing thread ?

Tim Peters tim.one at comcast.net
Sat Jan 25 00:06:05 CET 2003


[Jp Calderone]
> ...
> It is currently not possible to write a secure sandbox in
> Python.  I'm not sure if you can call that a bug; it's certainly
> unfortunate.

[Tim]
> Just curious:  does there exist a programming language in which it is
> possible [to] do this?  If so, who guarantees it, and via what kind
> of validation process?

[Bjorn Pettersen]
> For the marketing version:
> http://java.sun.com/marketing/collateral/security.html
>
> insert-appropriate-smiley'ly y'rs

The original branch point for this thread was talking about
denial-of-service attacks, such as sucking up too much CPU.  To Sun's
credit, near the bottom of the linked page they plainly say that Java's
protection against DOS is "weak"; heck, they even list 5 specific ways Java
applets can render host machines unusable, and it doesn't take much
imagination to dream up many more.

I don't expect JavaScript/ECMAScript is any better in this respect.  For
that matter, I'm having a hard time imagining a *usable* programming
language that could be.






More information about the Python-list mailing list