For security, I just mean that if I have it running on a server, I
don't want people to be able to do malicious things like play with the
filesystem, send mail, or drop mysql tables.  More than a sandbox,
however: you shouldn't be able to disable it, or otherwise mess things
up so that I have to reinstall it or fix it.

I don't know how I plan on accomplishing the security yet.  What I did
with my system currently (in Perl) is to implement a giant parser that
goes through and does calculations as it works out a string.  The user
can never invoke a function directly, even though it might feel like
it.  When you say something like sin(30 degrees) there are hard-coded
regular expressions that look for it and call the sin function.  This
way, there's essentially a white list of acceptable things the user
can do.  This is different from doing something like rexec(code),
which I've read has security issues.


On Nov 24, 6:49 am, Jason Grout <[EMAIL PROTECTED]> wrote:
> Jeff Pickhardt wrote:
> > When I say "simple" I mean really, really, REALLY simple.  So simple
> > it's intuitive for non-programmers.  I can program and I could always
> > run Python scripts or use command line interfaces myself, but I have
> > friends who want something even easier.  My friends are pretty smart,
> > they're just not programmers.  They're intimidated by this stuff.
>
> > I'm thinking I'll probably just continue my own back end (which I've
> > started rewriting in Python) but leverage some hand-picked advanced
> > functionalities like integration.  The advantage of this is that I can
> > make it secure and easy to use; the disadvantage is that it'll be more
> > work.  It absolutely has to be easy and secure, though.
>
> What do you mean by "secure" and how do you plan on accomplishing
> that?  There are some very tricky issues with making Sage secure from
> malicious people.
>
> Jason
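
The allowlist design described in the message above, shown in Python as an added example (not code from this thread or from Sage). The names `FUNCS`, `UNITS`, `tokenize` and `evaluate`, the chosen functions and units, and the 100-character limit are assumptions of this example.

```python
import math
import operator
import re

# Allowlist (constructed for this example): the only names input can reach.
FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt}
UNITS = {"degrees": math.pi / 180, "radians": 1.0}
ADD = {"+": operator.add, "-": operator.sub}
MUL = {"*": operator.mul, "/": operator.truediv}
TOKEN = re.compile(r"(?P<num>\d+(?:\.\d+)?)|(?P<name>[A-Za-z_]+)|(?P<op>[-+*/()])|(?P<other>\S)")

def tokenize(text):
    # Whitespace is skipped; any unrecognised character becomes an "other" token.
    return [(m.lastgroup, m.group()) for m in TOKEN.finditer(text)] + [("end", "")]

def evaluate(text, max_len=100):
    if len(text) > max_len:  # cap bounds parse time and recursion depth
        raise ValueError("expression too long")
    toks = tokenize(text)[::-1]  # reversed: toks[-1] is next, pop() consumes
    def binary(operand, ops):
        v = operand()
        while toks[-1][1] in ops:
            v = ops[toks.pop()[1]](v, operand())
        return v
    expr = lambda: binary(term, ADD)
    term = lambda: binary(atom, MUL)
    def group():  # parses "expr )" once the opening parenthesis is consumed
        v = expr()
        if toks.pop()[1] != ")":
            raise ValueError("expected ')'")
        return v
    def atom():
        kind, val = toks.pop()
        if kind == "num":
            v = float(val)
        elif val == "(":
            v = group()
        elif val in FUNCS and toks.pop()[1] == "(":
            v = FUNCS[val](group())  # dispatch by table lookup, never eval/exec
        else:
            raise ValueError(f"not allowed: {val!r}")
        if toks[-1][1] in UNITS:  # unit suffix, e.g. "30 degrees"
            v *= UNITS[toks.pop()[1]]
        return v
    result = expr()
    if toks.pop()[0] != "end":
        raise ValueError("trailing input")
    return result
```

Input is only ever tokenized and matched against the tables, so a name outside `FUNCS` and `UNITS` has no path to a Python object. Arithmetic errors such as `ZeroDivisionError` propagate to the caller, which should catch them.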