Hi,

From a security perspective, it seems like the ideas on the wiki page 
are all related to securing the remote source.  It might be worth 
considering what could be done to minimize how much PyMOL has to trust 
the remote source or the network.

A few ideas:

  - Sandboxing would be ideal, but I don't know if there's 
infrastructure in Python to support it.  It might be easier to filter 
fetched scripts to only allow a restricted subset of Python functions 
(the ast library looks like it might make this a bit easier).  If a 
script can't access the network or hard disk, then it doesn't need to be 
trusted as much.

  - The wiki doesn't appear to support SSL.  So that means trusting the 
network to get to the wiki correctly, in addition to the wiki itself.  I 
don't have any good ideas for how to work around this one.

Pete

Michael Lerner wrote:
> Hi all,
> 
> I'm considering building in a mechanism for automatically fetching scripts 
> from the PyMOL Wiki. The goal is to allow users to say
> 
> fetch findSurfaceResidues, type=script
> findSurfaceResidues doShow=True, cutoff=0.5
> 
> The convenience benefits are obvious, especially for new users, and I think 
> that lowering the barrier to script usage will greatly increase both the 
> number of people who use various scripts and the incentive to place scripts 
> on the wiki (especially if the fetch mechanism makes it easy for script 
> authors to provide a citation/DOI/etc.).
> 
> I've put up a tentative page about this on the wiki 
> (http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments 
> either via the list, private email or on the wiki, especially about
> 
>  - whether you think it's a good idea
>  - security and validation
>  - options you'd like
>  - implementation issues
> 
> The plan is to write this as a userland script first. If issues relating to 
> security and validation can be resolved, we'll see if the official builds 
> want to include it.
> 
> Cheers,
> 
> -Michael
> 
> --
> Michael Lerner, Ph.D.
> IRTA Postdoctoral Fellow
> Laboratory of Computational Biology NIH/NHLBI
> 5635 Fishers Lane, Room T909, MSC 9314
> Rockville, MD 20852 (UPS/FedEx/Reality)
> Bethesda MD 20892-9314 (USPS)
> 


_______________________________________________
PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net)
Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users
Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net
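
The ast-based filtering Pete suggests above, sketched as an added example that is not part of the original message or of PyMOL: a static allowlist check over a fetched script's syntax tree. The policy sets and the names `check_script`, `ALLOWED_MODULES` and `ALLOWED_BUILTINS` are assumptions made for illustration; a filter like this narrows what a script can reach but is not process-level isolation, and every allowed module remains trusted.

```python
import ast
import builtins

# Assumed policy for illustration; every module listed here is itself trusted.
ALLOWED_MODULES = {"math", "pymol"}
ALLOWED_BUILTINS = {"abs", "enumerate", "float", "int", "len", "max", "min",
                    "print", "range", "sorted", "str", "sum", "zip"}
BUILTIN_NAMES = set(dir(builtins))

def check_script(source):
    """Return sorted (lineno, reason) violations; an empty list means accepted."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "syntax error")]
    problems, defined, loads = set(), set(), []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            is_from = isinstance(node, ast.ImportFrom)
            for alias in node.names:
                module = (node.module or "") if is_from else alias.name
                if ((is_from and node.level) or alias.name.startswith(("_", "*"))
                        or module.split(".")[0] not in ALLOWED_MODULES):
                    problems.add((node.lineno, "import not allowed: " + alias.name))
                defined.add(alias.asname or alias.name.split(".")[0])
        elif isinstance(node, ast.Name):
            if node.id.startswith("__"):
                problems.add((node.lineno, "dunder name: " + node.id))
            elif isinstance(node.ctx, ast.Load):
                loads.append(node)
            else:
                defined.add(node.id)
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            defined.add(node.name)
        elif isinstance(node, ast.arg):
            defined.add(node.arg)
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            problems.add((node.lineno, "private attribute: " + node.attr))
    # Names the script binds itself are usable, but it may not rebind builtins,
    # so every builtin outside the allowlist is rejected wherever it is read.
    allowed = ALLOWED_BUILTINS | (defined - BUILTIN_NAMES)
    problems.update((n.lineno, "name not allowed: " + n.id)
                    for n in loads if n.id not in allowed)
    return sorted(problems)

# Constructed sample scripts, not taken from the PyMOL Wiki.
SAMPLE_OK = "from pymol import cmd\ndef count(sel):\n    return cmd.count_atoms(sel)\n"
SAMPLE_BAD = "import os\ndata = open('notes.txt').read()\nx = data.__class__\n"
```

The check is fail-closed: constructs it does not model, such as names bound by `match` patterns, are reported rather than accepted.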
