This is something Java actually does pretty well. I dislike it for the most 
part, but its sandboxing is better than anything I've ever seen (except certain 
secure OSes). Flash actually does it pretty well now too, though holes keep 
turning up occasionally. Interestingly, unless they've changed Flash or Java 
recently, I don't think there's anything that limits the amount of cpu or 
memory usage since I still see one occasionally running off into the weeds. The 
solution is just 'fix or don't run that jar/swf'.

Anyhow, a security model needs to be included from the ground up, and python 
went for the opposite approach - giving you near unlimited power to tinker with 
things. Which is just great from an app dev standpoint - as long as you don't 
hang yourself it's astoundingly easy to make huge fundamental changes with 
small amounts of code. But it's horrible if you're then trying to prevent the 
code from doing 'naughty' operations. There have been at least half a dozen 
attempts to sandbox python I can think of, all of which failed, scuttled by 
some obscure reef that ends up making the whole thing useless (because if 
there's a single hole, that's sufficient to blow the whole thing wide open). 
You're welcome to try again, of course, but at least research past efforts 
first.

Porting python to a bytecode interpreter that's already secure has been the 
most successful so far (Jython, IronPython), and I really like the idea of 
using PyPy to convert to Flash. That seems the way to go to me, since everyone 
has Flash.

Ron
