Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #15964 > unrolled thread

Server Questions (2 of them)

Started byAndrew <andrew.chapkowski@gmail.com>
First post2011-11-20 12:02 -0800
Last post2011-11-21 07:28 +0100
Articles 6 — 6 participants

Back to article view | Back to comp.lang.python


Contents

  Server Questions (2 of them) Andrew <andrew.chapkowski@gmail.com> - 2011-11-20 12:02 -0800
    Re: Server Questions (2 of them) Chris Angelico <rosuav@gmail.com> - 2011-11-21 08:34 +1100
    Re: Server Questions (2 of them) Hrvoje Niksic <hniksic@xemacs.org> - 2011-11-20 22:44 +0100
      Re: Server Questions (2 of them) Christian Heimes <lists@cheimes.de> - 2011-11-21 01:27 +0100
        Re: Server Questions (2 of them) alex23 <wuwei23@gmail.com> - 2011-11-20 20:26 -0800
    Re: Server Questions (2 of them) Nizamov Shawkat <nizamov.shawkat@gmail.com> - 2011-11-21 07:28 +0100

#15964 — Server Questions (2 of them)

FromAndrew <andrew.chapkowski@gmail.com>
Date2011-11-20 12:02 -0800
SubjectServer Questions (2 of them)
Message-ID<4c5cedc5-65e4-4bca-a7fe-7afffde79c88@s6g2000vbc.googlegroups.com>
Hello List,

How to do you create a server that accepts a set of user code?

For example,

I would like to send this function:
def addition(x,y):
   return x+y
and have the socket server perform the operation and send is back to
the end user.

Question 2:
On that same server, I want a user to be able to pass a file to the
server along with code.  What is the best way to pass file to the
server?


Thank you for any suggestions or resources you can provide.

Andrew

[toc] | [next] | [standalone]


#15967

FromChris Angelico <rosuav@gmail.com>
Date2011-11-21 08:34 +1100
Message-ID<mailman.2876.1321824872.27778.python-list@python.org>
In reply to#15964
On Mon, Nov 21, 2011 at 7:02 AM, Andrew <andrew.chapkowski@gmail.com> wrote:
> Hello List,
>
> How to do you create a server that accepts a set of user code?
>
> For example,
>
> I would like to send this function:
> def addition(x,y):
>   return x+y
> and have the socket server perform the operation and send is back to
> the end user.
>
> Question 2:
> On that same server, I want a user to be able to pass a file to the
> server along with code.  What is the best way to pass file to the
> server?

The easiest way is to write an HTTP server (Python has some tools that
will make this easy) and use an HTML form, which can do file uploads
as well as accept keyed-in code.

However, you will run into some fairly major security issues. You're
accepting code across the internet and running it. Python does not
protect you against malicious users reading files from your hard disk
or, worse, modifying those files. This sort of thing can ONLY be used
in a trusted environment - a local network on which you know
everything that's happening.

ChrisA

[toc] | [prev] | [next] | [standalone]


#15969

FromHrvoje Niksic <hniksic@xemacs.org>
Date2011-11-20 22:44 +0100
Message-ID<8762iesc3q.fsf@xemacs.org>
In reply to#15964
Andrew <andrew.chapkowski@gmail.com> writes:

> How to do you create a server that accepts a set of user code?
[...]

Look up the "exec" statement, the server can use it to execute any code
received from the client as a string.

Note "any code", though; exec runs in no sandbox and if a malicious
client defines addition(1, 2) to execute os.system('sudo rm -rf /'), the
server will happily do just that.

[toc] | [prev] | [next] | [standalone]


#15972

FromChristian Heimes <lists@cheimes.de>
Date2011-11-21 01:27 +0100
Message-ID<mailman.2881.1321835300.27778.python-list@python.org>
In reply to#15969
Am 20.11.2011 22:44, schrieb Hrvoje Niksic:
> Andrew <andrew.chapkowski@gmail.com> writes:
> 
>> How to do you create a server that accepts a set of user code?
> [...]
> 
> Look up the "exec" statement, the server can use it to execute any code
> received from the client as a string.
> 
> Note "any code", though; exec runs in no sandbox and if a malicious
> client defines addition(1, 2) to execute os.system('sudo rm -rf /'), the
> server will happily do just that.

It's possible to sandbox Python code, see
http://docs.python.org/library/rexec.html,
http://code.activestate.com/recipes/496746-restricted-safe-eval/ or TTW
code (through the web) in Zope. However the sandboxing is limited and
you really need to know what you are doing.

[toc] | [prev] | [next] | [standalone]


#15978

Fromalex23 <wuwei23@gmail.com>
Date2011-11-20 20:26 -0800
Message-ID<4e7f81b4-f394-40fa-91ff-fcc6a27d9a1c@k5g2000pre.googlegroups.com>
In reply to#15972
On Nov 21, 10:27 am, Christian Heimes <li...@cheimes.de> wrote:
> It's possible to sandbox Python code, see
> http://docs.python.org/library/rexec.html

Although this has been deprecated since 2.6 & removed from 3.x (and
cautioned against for as long as I've used Python).

PyPy provides some sandboxing functionality that might be useful here:
http://codespeak.net/pypy/dist/pypy/doc/sandbox.html

[toc] | [prev] | [next] | [standalone]


#15984

FromNizamov Shawkat <nizamov.shawkat@gmail.com>
Date2011-11-21 07:28 +0100
Message-ID<mailman.2886.1321856887.27778.python-list@python.org>
In reply to#15964
2011/11/20 Andrew <andrew.chapkowski@gmail.com>:
> Hello List,
>
> How to do you create a server that accepts a set of user code?
>
> For example,
>
> I would like to send this function:
> def addition(x,y):
>   return x+y
> and have the socket server perform the operation and send is back to
> the end user.
>
> Question 2:
> On that same server, I want a user to be able to pass a file to the
> server along with code.  What is the best way to pass file to the
> server?
>
>
> Thank you for any suggestions or resources you can provide.
>
> Andrew
> --
> http://mail.python.org/mailman/listinfo/python-list
>

Check for Pyro - it allows creation of objects on client side while
running them on server side. Pyro makes this process almost
transparent using proxy objects.

Hope it helps,
S.Nizamov

[toc] | [prev] | [standalone]


Back to top | Article view | comp.lang.python


csiph-web