Try Python!

Michael Tobis mtobis at gmail.com
Thu Mar 30 01:45:08 CEST 2006


We had some discussion of this in the edu-sig meeting at PyCon.

I alleged that I had read that there is no such thing as a Python
sandbox. Others claimed that one could simply preprocess and disallow
"dangerous" constructs. My allegation was based on an argument from
authority; I recalled reading the assertion from one of the c.l.p.
regulars that I consider authoritative, though I don't remember which
(Frederick, Alex, Aahz perhaps?).

This is all in relation to why the rexec module went away, and is
certainly relevant to what can be achieved in the sphere of teaching
with Python in general, and teaching Python with Python in particular.

I refer you in particular to these messages from the BDFL:

http://mail.python.org/pipermail/python-dev/2002-December/031246.html

http://mail.python.org/pipermail/python-dev/2002-December/031251.html

So what is the scoop? Why does Guido say there is no such thing as a
secure Python, and (as is generally reasonable) presuming he is correct
on the matter, how can these sites work safely? 

thanks
mt



