Running insecure python code
Bob Ippolito
bob at redivi.com
Thu Feb 26 23:03:12 EST 2004
On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tjreedy at udel.edu> said:
>
> "Noen" <not.available at na.no> wrote in message
> news:hQq%b.41604$BD3.8026233 at juliett.dax.net...
>> Im developing a game where the players will program their equipment with
>> python. Are there any ways to run insecure code?
>
> safely, without letting
>
> > clients mess with the server-code through their own code, or even DOS
> the box
>> by using up too much memory.
>
> There have been several threads on this topic. Quick answer: nothing as
> good as you would want. Stackless, with its tasklets, may be your best bet
> once updated to run with 2.3.3.
Even with stackless, you're not going to be able to stop them from
using "too much memory". Besides, you can't stop a determined and
experienced python hacker from getting ANYTHING (even if it's written
in C) ;)
Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS
HEAD, and I believe windows binaries are even available. Of course,
documentation is lacking, and we're planning to do quite a bit of stuff
during the sprints next month.. but it's good enough to use if you want
to.
-bob
More information about the Python-list
mailing list