Running insecure python code

Bob Ippolito bob at redivi.com
Fri Feb 27 05:03:12 CET 2004


On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tjreedy at udel.edu> said:

> 
> "Noen" <not.available at na.no> wrote in message
> news:hQq%b.41604$BD3.8026233 at juliett.dax.net...
>> Im developing a game where the players will program their equipment with
>> python. Are there any ways to run insecure code?
> 
> safely, without letting
> 
>  > clients mess with the server-code through their own code, or even DOS
> the box
>> by using up too much memory.
> 
> There have been several threads on this topic.  Quick answer: nothing as
> good as you would want.  Stackless, with its tasklets, may be your best bet
> once updated to run with 2.3.3.

Even with stackless, you're not going to be able to stop them from 
using "too much memory".  Besides, you can't stop a determined and 
experienced python hacker from getting ANYTHING (even if it's written 
in C) ;)

Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS 
HEAD, and I believe windows binaries are even available.  Of course, 
documentation is lacking, and we're planning to do quite a bit of stuff 
during the sprints next month.. but it's good enough to use if you want 
to.

-bob




More information about the Python-list mailing list