{{code}} - it's not pure Python, it's using Python as template language
>From {{code}} it's possible to access all web2py environment (session,
request and etc. )
I think, If you want to execute users' code at your server, you have to
execute it as separate process under truncated system account (sandbox)
or you can write your own truncated Python-like interpreter (it's more
interesting and flexible solution) - see Python Doc.
On Saturday, March 21, 2015 at 8:55:32 AM UTC+2, Robin Manoli wrote:
>
> Hey!
> I'm wondering if it is possible to use {{code}} in a more secure way, like
> disabling some basic python commands such as import. If I want some users
> to be able to write their own python code, and then the python code is
> stored in the db, but I don't want them to be able to access the file
> system on the server, or other security issues.
>
> In fact what I really need is some if-else conditions and some local
> variables.
>
> Any ideas?
>
> - Robin
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
