Steven D'Aprano <[EMAIL PROTECTED]> writes:
> I suspect your best bet might be to write a mini-language using
> Python, and get your users to use that. You will take a small
> performance hit, but security will be very much improved.
>
> What do others think?

That is the only approach that makes any sense. Even with restricted execution there's no way to stop memory exhaustion with restricted Python statements. Consider

    xxx = 'x'*10000000000
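
A sketch of the mini-language approach discussed in this thread, added here as an example and not code from either poster: an evaluator for int/str literals joined by + - * that sizes every result before allocating it. The names (evaluate, Rejected) and the three limits are assumptions made for the illustration.

```python
import ast

# Assumed limits for this sketch; tune for the real workload.
MAX_SRC, MAX_STR, MAX_INT_BITS = 200, 10_000, 256

class Rejected(Exception):
    """Raised for any construct or size the mini-language does not allow."""

def _bounded(v):
    if isinstance(v, str) and len(v) > MAX_STR:
        raise Rejected("string too long")
    if isinstance(v, int) and v.bit_length() > MAX_INT_BITS:
        raise Rejected("integer too large")
    return v

def _binop(op, a, b):
    ints = isinstance(a, int) and isinstance(b, int)
    strs = isinstance(a, str) and isinstance(b, str)
    if isinstance(op, ast.Add) and (ints or strs):
        if strs and len(a) + len(b) > MAX_STR:
            raise Rejected("string too long")
        return _bounded(a + b)
    if isinstance(op, ast.Sub) and ints:
        return _bounded(a - b)
    if isinstance(op, ast.Mult) and not strs:
        if ints:
            # A product needs at most the sum of the operands' bit lengths.
            if a.bit_length() + b.bit_length() > MAX_INT_BITS:
                raise Rejected("integer too large")
            return a * b
        s, n = (a, b) if isinstance(a, str) else (b, a)
        # Size the repetition before allocating it.
        if len(s) * max(n, 0) > MAX_STR:
            raise Rejected("string too long")
        return s * n
    raise Rejected("operator or operand types not allowed")

def _eval(node):
    # Exact type check: bool, float, bytes and None literals are refused.
    if isinstance(node, ast.Constant) and type(node.value) in (int, str):
        return _bounded(node.value)
    if isinstance(node, ast.BinOp):
        return _binop(node.op, _eval(node.left), _eval(node.right))
    raise Rejected(f"{type(node).__name__} not allowed")

def evaluate(src):
    """Evaluate one expression of int/str literals joined by + - *."""
    if len(src) > MAX_SRC:
        raise Rejected("source too long")
    try:
        tree = ast.parse(src, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise Rejected("not a valid expression") from exc
    return _eval(tree.body)
```

Names, calls, attribute access and statements never reach evaluation because only Constant and BinOp nodes are walked; the source-length cap keeps the number of nodes, and so the total work, bounded.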