Using python for writing models: How to run models in restricted python mode?

Steven D'Aprano steve at REMOVEMEcyber.com.au
Tue Nov 8 03:30:51 CET 2005


vinjvinj wrote:

> While I understand 2 is very hard (if not impossible) to do in single
> unix process. I'm not sure why 1 would be hard to do. Since I have
> complete control to what code I can allow or not allow on my grid. Can
> i not just search for certain strings and disallow the model if it
> fails certain conditions. It might not be 100% secure but will it not
> get me at 90%...

You might be able to think of and disallow the most 
obvious security holes, but how confident are you that 
you will think of the bad code that your users will 
think of?

Are you concerned about malicious users, or just 
incompetent users?

I suspect your best bet might be to write a 
mini-language using Python, and get your users to use 
that. You will take a small performance hit, but 
security will be very much improved.

What do others think?


-- 
Steven.




More information about the Python-list mailing list