Desactivating Python keywords and built-in functions

Benjamin Niemann b.niemann at betternet.de
Fri Oct 8 17:20:52 CEST 2004


Andr? Roberge wrote:
> In short:
> Is there a simple way to desactivate Python keywords and built-in
> keywords [e.g. eval()]
> 
> Longer description:
> I want to use a subset of Python as an embedded language and don't
> want the users to have access to the rest of the language.   One
> approach I thought of using would be something along the following
> lines:
> 
> read in the script for the user;
> scan for "forbidden" keywords or expression;
> if found, give an error message and stop;
> otherwise, let Python interpret the code.
> 
> Before I jump and start coding, I thought I would ask people that know
> more about these things than me
> (which means probably 97.2% of the readership of comp.lang.python  ;-)
In short:
there is no simple way :(

Various people have tried this but failed...
Python's dynamic nature is too powerful and sufficiently intelligent hackers 
will always find a way around your restrictions.



More information about the Python-list mailing list