On 12/19/06, robomancer <[EMAIL PROTECTED]> wrote:
On the other hand, allowing people to run arbitrary code on your
machine is a Bad Idea even if you *can* ensure that the filesystem
isn't touched. What if they send any of the following?
while True:
pass
def fib(n):
return fib(n-1) + fib(n-2)
fib(1000000)
If you were using Stackless Python, this sort of thing could
easily be detected, interrupted and discarded. You could
then flag the user who wrote the overly intensive logic
and refuse to run any more (or whatever).
def steal_data():
send_to_client("127.0.0.1", pickle.dump(confidential.data.structure)
I wonder if this recipe were taken to the safe extreme, how
much of a subset of Python could be safely allowed:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134
Richard.
