Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #31652

Re: use of exec()

References <2f12fa83-54cc-4fc2-85e4-b8aebebf4242@googlegroups.com> <mailman.2425.1350560975.27098.python-list@python.org> <05702a47-ff6b-4589-8352-d21b1921e77e@googlegroups.com> <mailman.2438.1350570579.27098.python-list@python.org> <2e5df7eb-7781-4c32-a9a7-088be940a4d3@googlegroups.com>
Date 2012-10-19 02:16 +1100
Subject Re: use of exec()
From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.2446.1350573409.27098.python-list@python.org> (permalink)

Show all headers | View raw

On Fri, Oct 19, 2012 at 2:00 AM, lars van gemerden <lars@rational-it.com> wrote:
> I get your point, since in this case having the custom code option makes the system a whole lot less complex and flexible, i will leave the option in. The future customer will be informed that they should handle the security around the designers as if they were programmers. Aditionally i will probably add some screening for unwanted keywords (like 'import') and securely log any new/changed custom code including the designer account (must do that for other actions anyway).

That sounds like a reasonable implementation of Layer Eight security.
As long as everyone understands that this code can do ANYTHING, you'll
be fine.

You may want to add some other programmatic checks, though; for
instance, a watchdog timer in case the code gets stuck in an infinite
loop, or a memory usage limit, or somesuch. Since you're no longer
worrying about security, this sort of thing will be fairly easy, and
will be just to help catch common errors.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 04:41 -0700
  Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-18 22:49 +1100
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700
      Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 01:29 +1100
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
          Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 02:16 +1100
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
              Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-20 13:00 +1100
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700

csiph-web