--On 16. August 2008 13:11:13 +0200 "M.-A. Lemburg" <[EMAIL PROTECTED]> wrote:
In my experience, attempts to create a sandbox that protects sufficiently against unwanted resource usage are either too restrictive and slow to make them useful or have problems preventing DoS attacks.
I think you can't solve the issue with the standard technology we have in CPython. I remember that Python once had a restricted execution environment. Wasn't it buggy as hell? RestrictedPython of Zope surely has similar problems. As with all such restricted execution environments (not only in Zope): they are attackable.
It's usually a lot better (and more efficient) to use trusted code only.
Definitely. A common development pattern is the usage of CMF and portal_skins, where you work with PythonScripts on the filesystem. The scripts themselves still run under the control of RestrictedPython; however, the whole development model can be regarded as trusted.
BTW: The reason why I had a look at these was that Chris Withers mentioned at EuroPython that they are currently causing delays in the Python 2.5 adoption (or at least are one of the reasons for them).
Is Chris' talk somewhere online?

Andreas
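As an illustration of the "they are attackable" point above (an added example, not code from this thread, from Zope or from RestrictedPython): a naive CPython "sandbox" that only empties `__builtins__` before calling `exec()` does stop a plain `import os`, but it cannot stop the executed code from walking the object graph back to the real builtins. The sandbox, the escape payload and the function names below are all constructed for this demonstration; RestrictedPython itself rejects underscore attribute access such as `__class__` at compile time, so this is the weaker construction the thread compares it against, not RestrictedPython.

```python
"""Naive exec()-based sandbox and the classic introspection escape.

Constructed demonstration: run_sandboxed(), SANDBOX_ESCAPE and the two
check functions are assumptions made for this example, not Zope code.
"""
import os  # guarantees a pure-Python subclass of object (os._wrap_close) is loaded


def run_sandboxed(code: str) -> dict:
    """'Sandbox' untrusted code by removing every builtin name.

    With __builtins__ empty, 'import', 'open', 'getattr' etc. are not
    reachable by name inside the executed code.
    """
    namespace = {"__builtins__": {}}
    exec(code, namespace)
    return namespace


def direct_import_blocked() -> bool:
    """The naive sandbox does stop the obvious attack: a plain import."""
    try:
        run_sandboxed("import os")
    except ImportError:  # IMPORT_NAME needs __import__ from builtins
        return True
    return False


# Payload written without any builtin names: it reaches object via the
# __class__/__base__ chain, enumerates subclasses, and takes the real
# builtins from the __globals__ of any Python-level __init__ it finds.
# Bare 'except:' is used because even 'Exception' is a builtin name.
SANDBOX_ESCAPE = """
for cls in ().__class__.__base__.__subclasses__():
    try:
        bi = cls.__init__.__globals__['__builtins__']
        imp = bi['__import__']          # builtins is a dict in imported modules
    except:
        try:
            imp = bi.__import__         # builtins is a module in __main__
        except:
            continue
    os = imp('os')
    result = os.getcwd()                # proof: a syscall the sandbox tried to deny
    break
"""


def escape_reaches_os() -> bool:
    """True if code run under the naive sandbox still obtained the os module."""
    namespace = run_sandboxed(SANDBOX_ESCAPE)
    return namespace.get("result") == os.getcwd()


if __name__ == "__main__":
    print("plain 'import os' blocked:", direct_import_blocked())
    print("introspection escape reached os:", escape_reaches_os())
```

The escape depends only on CPython's object model, not on any bug, which is why name-filtering sandboxes built on plain `exec()` keep failing; an AST-rewriting approach such as RestrictedPython closes this particular hole, but the thread's remaining objections (CPU and memory exhaustion, long-running loops) are not addressed by attribute filtering at all, hence the recommendation to run trusted filesystem code.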
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )