"Cameron Laird" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The original poster wants to work in Python. That's > fine. Several of us have suggested he further > expose Python itself to his end-users as an extension > language. That certainly is feasible. He needn't > explain all of Python to those end-users--probably > only a bit about "assignments", control structures, > and maybe lists. > > That approach creates a sort of fragility, though. > Python includes, along with much else, os.unlink(). > Suppose our original poster doesn't want end-users > to be able to delete files (or directories ...).
I don't remember if the OP specified *where* the scripted application is to be run. If on a server, then *any* language with loops is vulnerable to malicious users. If on a person's own desktop machine, where one can run 'diskformat' or the equivalent, or pick up and drop the machine, then worrying about Python security seems superfluous. Why worry, for instance, about os.unlink when the user can just do the same much easier in a text or gui shell? Terry J. Reedy -- http://mail.python.org/mailman/listinfo/python-list
