On 2/22/06, Martin Voelkle <[EMAIL PROTECTED]> wrote: > > 1) A full, version and operating system portable vm dump, if desired > > Again, could you *please* give some reference for this? A link to the > corresponding API, anything. > If you are talking about the heap only (global dict), then this is not > full: the stack is missing. > The api is called Python.Pickle. There is also Python.Marshal, which is faster, but less portable. http://docs.python.org/lib/module-cPickle.html http://docs.python.org/lib/module-marshal.html
> > 2) Thread support isn't the worlds best, but it lives up to our > > requirements. Threads are only needed for Map Scripts, they are > > optional but elegant (we could more simply have a callback system) > > As MWM said, coroutines are easy to implement. > > > 2) Can allow a hacker access to the underlieing system if he/she > > is experienced enough and willing to work around all inplace security > > features (python does have them) > > Like with any other runtime anyway. > Can you give us some links to the security features? > Hmm, after discussing with the python crew for some while, it seems as though my original, internal security ideas don't work. You can, however, filter the input script for any "import" or "open", and that covers about 99% of what a person could try to do (open opens files, and if they can't import anything we haven't already, they won't have access to any more than the basic feature set, of which open is pretty much the only danger) You can make the following note: If someone creates a script to destroy their harddrive, they are the only ones who are going to use it, if they send it to the ftp, it can be filtered, and no damage done. > Martin > > > _______________________________________________ > glob2-devel mailing list > [email protected] > http://lists.nongnu.org/mailman/listinfo/glob2-devel > _______________________________________________ glob2-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/glob2-devel
