On Thu, Nov 18, 2021 at 6:19 PM Chris Angelico <ros...@gmail.com> wrote:
> On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsali...@gmail.com> > wrote: > > > > > > On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <ros...@gmail.com> > wrote: > >> > >> If you're trying to make a Python-in-Python sandbox, I recommend not. > >> Instead, use an OS-level sandbox (a chroot, probably some sort of CPU > >> usage limiting, etc), and use that to guard the entire Python process. > >> Python-in-Python will basically *never* be secure. > > > > > > Good advice to not try to sandbox python. > > > > But chroot can sometimes be broken out of. It isn't a cure-all. > > > > That's true, but it's way better than attempting Python-in-Python > sandboxing. In any case, all the options worth investigating will be > at the OS level. > > (Or maybe higher, but I can't imagine it being practical to create > individual VMs for each client who comes to the web site.) > Actually, there are ports of CPython and Micropython that run inside a web browser over WASM. Going with one of these might be safer. -- https://mail.python.org/mailman/listinfo/python-list