I like the way Brian just sent before. I dont know any language that restricts its usage (would be neat feature for certain projects).
Perl has "taint mode". When enabled, Perl won't let you do any "dangerous" operations (file accesses, system calls, etc) on data that originally came from the user and hasn't been processed to remove its "taintedness". On the other hand, allowing people to run arbitrary code on your machine is a Bad Idea even if you *can* ensure that the filesystem isn't touched. What if they send any of the following? while True: pass def fib(n): return fib(n-1) + fib(n-2) fib(1000000) def steal_data(): send_to_client("127.0.0.1", pickle.dump(confidential.data.structure) There are just so many ways to exploit arbitrary code execution, from malicious data corruption to denial-of-service to buffer-overflow exploits (yes, this is possible even from within Python, if you use any buggy C extension modules)... it's *really* not a good idea. A lot of very smart people have worked hard to solve this sort of problem, and not made much progress. I either recommend having an explicit server/client API and forcing people to use that API (whether it's invoked via Perspective Broker as I suggested earlier, or something more standard like XML-RPC, CORBA, or SOAP), or not allowing a "scripting language" at all, instead opting for something like customizable configuration files that aren't Turing-complete.