Christopher Barker wrote: > I have thought about the safety issue. One idea I've had (though I never > bothered with it) was to strip the input files of "import" lines first. > You could do a whole lot less if you couldn't import any arbitrary modules.
Disallowing import statements won't help with that. There are simply too many ways to get around it. See Brett Cannon's paper on securing Python: http://www.cs.ubc.ca/%7Edrifty/papers/python_security.pdf -- Robert Kern "I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth." -- Umberto Eco ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Matplotlib-devel mailing list Matplotlib-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/matplotlib-devel
