J Dunford wrote:
In my experience, the general consensus with sandboxing python is - don't try it.
There was some code posted recently that seems to do a fairly good job of preventing access to anything you don't want to allow, using a combination of builtin replacement and pre- processing the code to remove references to certain attribute names. However, there remain issues such as CPU and memory usage that are very difficult to control. If you want to try this on your own machine to protect it from malicious code, and you're willing to take the risk, that's up to you. But I don't think I would want to inflict the danger on someone else via their web browser. -- Greg
