Returning a value from code string
mooquack at suad.org
Sat Jan 28 12:49:51 EST 2006
> Kirk McDonald wrote:
>> Another kind of node (I'm still deciding
>> whether to call them Codenodes or Opcodes or maybe Pynodes) is a chunk
>> of code that can be asked to run itself, and which can be edited, on
>> the fly, from within the website. Thus, one can both alter the
>> functionality of the site, and add functionality, from the site itself
>> (so long as you have the user permissions to do so).
> As Steven said, "U R pwn3d". 1f you d0n't sp3a|< l33t (if you don't
> speak leet), that means you are screaming "hack me, use me to launch
> attacks on other computers, and than attack my computer". Unless you
> have some revolutionary ideas in code-security analysis. In which case
> you can a lot more money than from implementing Everything2 in python.
Heavens! Normal users can't edit code! They won't even see it! I'm not a
*total* moron. The only thing users will be able to enter is some
simplified HTML. This is a convenience feature for the (trusted) admins
of the site. There are some simple permission features built into the
API. Every database-altering API call takes the current user as an
argument, and if they're not allowed, it tells them to get bent.
Everything2 does this more or less the same way, and they've had few
issues in the seven or so years they've been operating.
More information about the Python-list