Leo + Python: the ultimate scripting tool: Conclusion

Edward K. Ream edreamleo at charter.net
Mon Nov 10 15:53:49 EST 2003


> Speaking of a multi-user version, security comes to mind.

Thanks for mentioning this.  Security has been discussed at length on Leo's
SF forums.  It is a _really_ serious problem for an environment as powerful
as Leo and Python.  The general principle is: you (or your scripts) must
NEVER execute a script blindly.  As you say, that is not so easy to do.
Certainly rexec would not help at all: a Leo script could create a time-bomb
and still be legal as far as rexec is concerned.  The only solution is a)
know what scripts you are executing and b) know who you are working with.
Using Leo + Python is like using a chain saw: you had best keep it under
control, and you had best know what you are doing.

Edward
--------------------------------------------------------------------
Edward K. Ream   email:  edreamleo at charter.net
Leo: Literate Editor with Outlines
Leo: http://webpages.charter.net/edreamleo/front.html
--------------------------------------------------------------------






More information about the Python-list mailing list