Lock down Internet Access from Python script?

roschler robert.oschler at gmail.com
Wed Apr 8 02:49:02 CEST 2009


I know it's not possible to "sandbox" the Python Interpreter like you
can the Java VM, but I'm wondering if there is a way to at least lock
down internet access?  Trying to do it at the O/S service level on
Windows like ZoneAlarm does isn't feasible for me, but I thought there
might be a way to do it at the Python Interpreter level in a way that
would be hard to get around through clever code forming.

My application will be running several out of process Python
Interpreters in a server pool.  My desire is to at least keep authors
from creating a situation where they are downloading Python scripts
from a web server and running them, unless the owner of that station
trusts a particular author enough to grant that kind of access.  Is
there any way to do this that's more bulletproof than trying to
restrict access to known Socket based libraries?  In other words,
something that could stop things at the Socket level rather than
trying to shepherd the situation by preventing the use of certain
modules?

Thanks,
Robert



More information about the Python-list mailing list