Hi Peter,
On Wed, May 4, 2011 at 6:56 PM, Pete Meyer <pame...@mcw.edu> wrote:
>
> - Sandboxing would be ideal, but I don't know if there's infrastructure in
> python to support it. It might be easier to filter fetched scripts to only
> allow a restricted subset of python functions (the ast library looks like it
> might make this a bit easier). If a script can't access the network or hard
> disk, then it doesn't need to be trusted as much.
>
There are a couple of issues with this
- The last time I checked (which, admittedly, was a couple of years ago),
many people had tried and failed to set up such an environment within
Python. It turned out that there were very clever ways to get around any
sort of reasonable restrictions that people tried to impose (i.e. a
guaranteed-to-be-safe script couldn't actually do anything useful). I know
there has been a lot of desire for this, so maybe the problem has been
solved.
- There are some plugins that need access to the hard disk. I'm not sure
about scripts. If there exists a reasonable sandboxing (or AST-based)
solution, we'll have to run those scripts in "untrusted" mode, which is
probably fine.
>
> - The wiki doesn't appear to support SSL. So that means trusting the
> network to get to the wiki correctly, in addition to the wiki itself. I
> don't have any good ideas for how to work around this one.
>
My guess is that there's just never been a real need for SSL. Jason would be
the real authority here, but I'd guess that SSL would be possible if it
there's a strong push for it.
-Michael
>
> Pete
>
>
> Michael Lerner wrote:
>
>> Hi all,
>>
>> I'm considering building in a mechanism for automatically fetching scripts
>> from the PyMOL Wiki. The goal is to allow users to say
>>
>> fetch findSurfaceResidues, type=script
>> findSurfaceResidues doShow=True, cutoff=0.5
>>
>> The convenience benefits are obvious, especially for new users, and I
>> think that lowering the barrier to script usage will greatly increase both
>> the number of people who use various scripts and the incentive to place
>> scripts on the wiki (especially if the fetch mechanism makes it easy for
>> script authors to provide a citation/DOI/etc.).
>>
>> I've put up a tentative page about this on the wiki (
>> http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments
>> either via the list, private email or on the wiki, especially about
>>
>> - whether you think it's a good idea
>> - security and validation
>> - options you'd like
>> - implementation issues
>>
>> The plan is to write this as a userland script first. If issues relating
>> to security and validation can be resolved, we'll see if the official builds
>> want to include it.
>>
>> Cheers,
>>
>> -Michael
>>
>> --
>> Michael Lerner, Ph.D.
>> IRTA Postdoctoral Fellow
>> Laboratory of Computational Biology NIH/NHLBI
>> 5635 Fishers Lane, Room T909, MSC 9314
>> Rockville, MD 20852 (UPS/FedEx/Reality)
>> Bethesda MD 20892-9314 (USPS)
>>
>>
>
--
Michael Lerner, Ph.D.
IRTA Postdoctoral Fellow
Laboratory of Computational Biology NIH/NHLBI
5635 Fishers Lane, Room T909, MSC 9314
Rockville, MD 20852 (UPS/FedEx/Reality)
Bethesda MD 20892-9314 (USPS)
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
PyMOL-users mailing list (PyMOL-users@lists.sourceforge.net)
Info Page: https://lists.sourceforge.net/lists/listinfo/pymol-users
Archives: http://www.mail-archive.com/pymol-users@lists.sourceforge.net
