I completely take your point that you cannot stop malicious users 
abusing scripting facilities.  (Although if it weren't for the import 
statement, I think you could provide a limited set of functions in 
__globals__ and limit the abuse to overuse of the CPU.)

I think I should explain the system: the software allows the design and 
execution of web surveys.  The people writing code are constructing 
surveys and sometimes need to write Python fragments to decide (for 
example) which question is shown next.  These designers work in house 
and are trusted, but not sophisticated programmers.  The people who fill 
in the surveys (the great bulk of the activity) are not trusted and 
cannot write Python fragments.

Unfortunately it's the nature of the business that the designers need to 
change the surveys and write code while the project is in field, so a 
separation into a development and a production system is not practical.

So, these survey designers occasionally write infinite loops, and don't 
find them during testing.  Then we invite 10000 people to do the survey 
and some of them (by some weird combination of answers) find the 
infinite loop in the code that is run on their behalves.  Each of these 
users locks up a thread until none remain.  (Or one user will lock up 
several via retries.)  Then the server effectively stops working for 
_all_ in-progress users, most of whom get annoyed, give up, and stop the 
survey.

I'm looking for a better way to manage this situation.


  Oliver

--
Shayne O'Neill wrote:
> Or to clarify, I mean you can't offer scripting to users, and make it so it 
> can't be abused. One of my old projects was to embed Python in the Citadel 
> groupware server [fun fact, I got Webware working from inside the Citadel 
> server] and yeah, couldn't make it secure at all, so ended up with signed 
> scripts in a secure directory only.
>
>
>
> On Tue, 20 Jun 2006, Shayne O'Neill wrote:
>
>   
>> Hmm. OK. What I'm getting at is that I'm presuming that these scripts are
>> at an administrative level? Python absolutely cannot be made secure.
>> There were attempts a while back at it, but it was found that it simply
>> can't be done.
>>
>> Oh yeah, totally off-topic, but regarding the 'penis enhancing drug' thing,
>> akismet has a python library, and it works the charm. I've integrated
>> akismet into all my sites now, and one that was clocking a good 200+ spams
>> a day has dropped to none.
>>     
>


_______________________________________________
Webware-discuss mailing list
Webware-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/webware-discuss
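
An added example, not part of the original thread or of Webware's code: one way to keep a looping survey fragment from holding a worker thread indefinitely is to run it in a separate interpreter under a wall-clock limit. The names `run_fragment`, `answers` and `next_question` are assumptions made for illustration.

```python
import json
import subprocess
import sys

# Child-side runner. It reads {"code": ..., "answers": ...} as JSON on stdin,
# executes the fragment, and writes the value left in `next_question`.
# `answers` and `next_question` are hypothetical names for this example.
_RUNNER = """
import json, sys
job = json.load(sys.stdin)
scope = {"answers": job["answers"], "next_question": None}
exec(job["code"], scope)
json.dump(scope["next_question"], sys.stdout)
"""

def run_fragment(code, answers, timeout=2.0):
    """Run a designer fragment in its own interpreter with a wall-clock limit.

    Returns ("ok", value), ("timeout", None) or ("error", message). This
    bounds how long a request can be held up; it is not a sandbox, since
    the fragment authors are assumed to be trusted.
    """
    job = json.dumps({"code": code, "answers": answers})
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", _RUNNER],
            input=job, capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed the child at this point, so
        # the calling request thread is free to fall back or report the bug.
        return ("timeout", None)
    if proc.returncode != 0:
        lines = proc.stderr.strip().splitlines()
        return ("error", lines[-1] if lines else "fragment failed")
    return ("ok", json.loads(proc.stdout))

# Constructed sample fragments: the second loops only for some answers.
GOOD_FRAGMENT = "next_question = 'q7' if answers['age'] >= 18 else 'q3'"
LOOPING_FRAGMENT = "while answers['age'] < 18:\n    pass\nnext_question = 'q7'"

if __name__ == "__main__":
    print(run_fragment(GOOD_FRAGMENT, {"age": 30}))
    print(run_fragment(LOOPING_FRAGMENT, {"age": 30}))
    print(run_fragment(LOOPING_FRAGMENT, {"age": 12}, timeout=1.0))
```

Logging every `"timeout"` result together with the fragment and the answers that triggered it gives the designer the exact combination that reaches the loop.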
