Embedding Python in Python
Phil Frost
indigo at bitglue.com
Wed Aug 18 15:27:50 EDT 2004
No. An easy way to escape that is to start one's code with
'del __builtins__', then python will add the default __builtins__ back
to the namespace. Restricting what arbitrary code can do has been
discussed many, many times, and it seems there is no way to do it short
of reimplementing a python interpretor.
On Wed, Aug 18, 2004 at 02:56:04PM -0500, Robey Holderith wrote:
> So using this (with a little additional reading) it looks like I
> can do this:
>
> globalDict = {'__builtins__': <my modules here>}
> exec(<pythonCodeFromUser>, globalDict)
>
> And that this will disallow both importing of new modules and direct
> access to my namespace. It will however allow access to the
>
> Would this be secure?
>
> Paul, what's your take on this?
>
> -Robey
>
> On Wed, 18 Aug 2004 14:35:21 -0400, Phil Frost wrote:
>
> > You probably want something like this:
> >
> > globalDict = {}
> > exec(stringOfPythonCodeFromUser, globalDict)
> >
> > globalDict is now the global namespace of whatever was in
> > stringOfPythonCodeFromUser, so you can grab values from that and
> > selectivly import them into your namespace.
> >
> > On Wed, Aug 18, 2004 at 02:26:00PM -0500, Robey Holderith wrote:
> >>
> >> Anyone know a good way to embed python within python?
> >>
> >> Now before you tell me that's silly, let me explain
> >> what I'd like to do.
> >>
> >> I'd like to allow user-defined scriptable objects. I'd
> >> like to give them access to modify pieces of my classes.
> >> I'd like to disallow access to pretty much the rest of
> >> the modules.
> >>
> >> Any ideas/examples?
> >>
> >> -Robey
More information about the Python-list
mailing list