Returning a value from code string

Kirk McDonald mooquack at
Sat Jan 28 12:49:51 EST 2006

Max wrote:
> Kirk McDonald wrote:
>> Another kind of node (I'm still deciding
>> whether to call them Codenodes or Opcodes or maybe Pynodes) is a chunk
>> of code that can be asked to run itself, and which can be edited, on 
>> the fly, from within the website. Thus, one can both alter the 
>> functionality of the site, and add functionality, from the site itself 
>> (so long as you have the user permissions to do so).
> As Steven said, "U R pwn3d". 1f you d0n't sp3a|< l33t (if you don't 
> speak leet), that means you are screaming "hack me, use me to launch 
> attacks on other computers, and than attack my computer". Unless you 
> have some revolutionary ideas in code-security analysis. In which case 
> you can a lot more money than from implementing Everything2 in python.
> --Max

Heavens! Normal users can't edit code! They won't even see it! I'm not a 
*total* moron. The only thing users will be able to enter is some 
simplified HTML. This is a convenience feature for the (trusted) admins 
of the site. There are some simple permission features built into the 
API. Every database-altering API call takes the current user as an 
argument, and if they're not allowed, it tells them to get bent.

Everything2 does this more or less the same way, and they've had few 
issues in the seven or so years they've been operating.

-Kirk McDonald

More information about the Python-list mailing list