Chris Lambacher wrote: > On Wed, Aug 09, 2006 at 11:51:19AM -0400, Brendon Towle wrote: > I don't disagree with you. The problem is that the obvious way to do it > (eval) is a big security hole. In this case you are trusting that no one > inserts themselves between you and the website providing you with code to > EXECUTE. I have heard of people attempting to use the parser provided with > python and examining the AST to do this, but I think that approach is even > more complicated.
here's some things about sandboxing python: http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log http://sayspy.blogspot.com/2006/07/still-working-on-security.html -- http://mail.python.org/mailman/listinfo/python-list
