Secure scripts variables

Paul Rubin http
Wed Mar 30 10:04:06 CEST 2005


Florian Lindner <Florian.Lindner at xgm.de> writes:
> I have a script which is readable and executable by a user, but not
> writable.
> The users executes the scripts, it reads in a value and based on this value
> it computes a result and stores it in a variable.
> Can the user read out the value of this variable? If yes, can he be
> prevented to do so?

I don't really understand the question.  The user could, for example,
run the Python interpreter under a debugger, and examine its internal
state step by step during execution.  

What you really want is a setuid script.  That can do what you want,
but you have to write them very carefully.



More information about the Python-list mailing list