Sounds like you are building appengine! It provides per-user quotas, limited APIs, and individual datastore access...
OK, that was a facile comment, but it may give you an idea of how big a job you have ahead. You will need to build a finely grained authentication system, an access control layer between the user and the datastore, and pre-process python code to remove modules you don't like (and be prepared to argue with users who think that their favourite module should be allowed). Even then, unless you are a remarkable developer or your code was open and widely used so other developers could help shake out the bugs, it would be unlikely to stand up to anyone who wanted to abuse it. I'd suggest you look at removing or severely limiting python scripting - maybe don't allow imports at all. That resolves the datastore problem too. If you have to allow scripting, why not offer your app as a framework that users put on appengine themselves. That way they have their own datastore, authentication and can resolve abuse themselves. Maybe offer a service setting it up for them, if necessary. Cheers! Greg. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
