jrpick wrote:
> For security, I just mean that if I have it running on a server, I
> don't want people to be able to do malicious things like play with the
> filesystem, send mail, or drop MySQL tables.  More than a sandbox,
> however: you shouldn't be able to disable it, or otherwise mess things
> up so that I have to reinstall it or fix it.
> 
> I don't know how I plan on accomplishing the security yet.  What I did
> with my system currently (in Perl) is to implement a giant parser that
> goes through and does calculations as it works out a string.  The user
> can never invoke a function directly, even though it might feel like
> it.  When you say something like sin(30 degrees) there are hard-coded
> regular expressions that look for it and call the sin function.  This
> way, there's essentially a white list of acceptable things the user
> can do.  This is different from doing something like rexec(code),
> which I've read has security issues.


Okay, good, so you are looking at these things.  Securely executing 
Python is a subject with a long history.  Recent developments include 
the ast module, though I think the high-level ast module is just in 2.6, 
and so is not usable in Sage just yet.  See 
http://docs.python.org/dev/library/ast.html

Jason


--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
