On 9/7/08, Ron Dippold <[EMAIL PROTECTED]> wrote: > > This is something Java actually does pretty well. I dislike it for the most > part, but its sandboxing is better than anything I've ever seen (except > certain secure OSes). Flash actually does it pretty well now too, though > holes keep turning up occasionally. Interestingly, unless they've changed > Flash or Java recently, I don't think there's anything that limits the > amount of cpu or memory usage since I still see one occasionally running off > into the weeds. The solution is just 'fix or don't run that jar/swf'. > > Anyhow, a security model needs to be included from the ground up, and > python went for the opposite approach - giving you near unlimited power to > tinker with things. Which is just great from an app dev standpoint - as long > as you don't hang yourself it's astoundingly easy to make huge fundamental > changes with small amounts of code. But its horrible if you're then trying > to prevent the code from doing 'naughty' operations. There have been at > least half a dozen attempts to sandbox python I can think of, all of which > failed, scuttled by some obscure reef that ends up making the whole thing > useless (because if there's a single hole, that's sufficient to blow the > whole thing wide open). You're welcome to try again, of course, but at least > research past efforts first. > > Porting python to a bytecode interpreter that's already secure has been the > most successful so far (Jython, IronPython), and I really like the idea of > using PyPy to convert to Flash. That seems the way to go to me, since > everyone has Flash.
i like the idea of converting to flash with pypy too... where can i find more information about this? is this useable already (by non-hardcore computer scientists :))? is it necessary to write your code in rpython then or can the full python language be used? > Ron >
