On 05/10/2012 23:22, Robin Krahl wrote:
Hi all,
I need to execute untrusted scripts in my Python application. To avoid security issues, I want to
use a sandboxed environment. This means that the script authors have no access to the file system.
They may only access objects, modules and classes that are "flagged" or
"approved" for scripting.
I read that I will not be able to do this with Python scripts. (See SandboxedPython page
in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What
is the best way to "embed" a script engine in a sandboxed environment that has
access to the Python modules and classes that I provide?
Thanks for your help.
Best regards,
Robin
[0] http://wiki.python.org/moin/SandboxedPython
[1]
http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python
As good a starting point as any
http://www.velocityreviews.com/forums/t716131-challenge-escape-from-the-pysandbox.html
?
Also throw "python experimental sandbox" into your search engine and
follow your nose, something might come up smelling of roses :)
--
Cheers.
Mark Lawrence.
--
http://mail.python.org/mailman/listinfo/python-list