Someone should look at Heroku. It seems that they do containers that already support python that is designed to face the web.
They also have a robust and complete local CLI client. It is very convenient for working on apps with a web face. Chris On Mon, Oct 22, 2018 at 5:55 AM vitalije <[email protected]> wrote: > I am not 100% sure but I believe that it is possible to start docker > instance on some remote host (one instance per user or per script > invocation) and let python execute script inside that docker instance. A > malicious script can try to damage server but the damage will remain inside > its own docker instance. It won't affect other users nor the host as a > whole. > > If I am not mistaken that is what travis services do with the github > projects (including Leo recently). On every github activity (commit/pull > request), it starts new docker instance, installs python and all necessary > libraries, retrieves fresh copy of the source code from github, builds > project and runs tests inside this docker instance and then shuts it down, > keeping only built artifacts and execution logs. Theoretically, an attacker > might submit a pull request containing malicious code to some legitimate > project and travis will execute that code to check if the pull request is > breaking something or not. Of course this attacker has to be registered on > github to submit pull request in the first place, and probably will be soon > banned. Nevertheless his malicious code will be executed but it can't make > substantial damage to the service. > > The only problem I see is that starting new docker instance takes the > time, so it won't be very practical to start one instance for every script > invocation. Also I am not sure how many instances can one host run > simultaneously. > > Perhaps there can be two different types of Leo server: > > - Public Leo server which can provide multi-user outline editing and > browsing, but without scripting abilities > - Private local Leo server which provides full Leo experience > including script execution on local machine, but for a single user > > The public one may allow execution of some scripts approved by the site > administrator. > > Vitalije > > -- > You received this message because you are subscribed to the Google Groups > "leo-editor" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/leo-editor. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "leo-editor" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/leo-editor. For more options, visit https://groups.google.com/d/optout.
