Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #15964 > unrolled thread
| Started by | Andrew <andrew.chapkowski@gmail.com> |
|---|---|
| First post | 2011-11-20 12:02 -0800 |
| Last post | 2011-11-21 07:28 +0100 |
| Articles | 6 — 6 participants |
Back to article view | Back to comp.lang.python
Server Questions (2 of them) Andrew <andrew.chapkowski@gmail.com> - 2011-11-20 12:02 -0800
Re: Server Questions (2 of them) Chris Angelico <rosuav@gmail.com> - 2011-11-21 08:34 +1100
Re: Server Questions (2 of them) Hrvoje Niksic <hniksic@xemacs.org> - 2011-11-20 22:44 +0100
Re: Server Questions (2 of them) Christian Heimes <lists@cheimes.de> - 2011-11-21 01:27 +0100
Re: Server Questions (2 of them) alex23 <wuwei23@gmail.com> - 2011-11-20 20:26 -0800
Re: Server Questions (2 of them) Nizamov Shawkat <nizamov.shawkat@gmail.com> - 2011-11-21 07:28 +0100
| From | Andrew <andrew.chapkowski@gmail.com> |
|---|---|
| Date | 2011-11-20 12:02 -0800 |
| Subject | Server Questions (2 of them) |
| Message-ID | <4c5cedc5-65e4-4bca-a7fe-7afffde79c88@s6g2000vbc.googlegroups.com> |
Hello List, How to do you create a server that accepts a set of user code? For example, I would like to send this function: def addition(x,y): return x+y and have the socket server perform the operation and send is back to the end user. Question 2: On that same server, I want a user to be able to pass a file to the server along with code. What is the best way to pass file to the server? Thank you for any suggestions or resources you can provide. Andrew
[toc] | [next] | [standalone]
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2011-11-21 08:34 +1100 |
| Message-ID | <mailman.2876.1321824872.27778.python-list@python.org> |
| In reply to | #15964 |
On Mon, Nov 21, 2011 at 7:02 AM, Andrew <andrew.chapkowski@gmail.com> wrote: > Hello List, > > How to do you create a server that accepts a set of user code? > > For example, > > I would like to send this function: > def addition(x,y): > return x+y > and have the socket server perform the operation and send is back to > the end user. > > Question 2: > On that same server, I want a user to be able to pass a file to the > server along with code. What is the best way to pass file to the > server? The easiest way is to write an HTTP server (Python has some tools that will make this easy) and use an HTML form, which can do file uploads as well as accept keyed-in code. However, you will run into some fairly major security issues. You're accepting code across the internet and running it. Python does not protect you against malicious users reading files from your hard disk or, worse, modifying those files. This sort of thing can ONLY be used in a trusted environment - a local network on which you know everything that's happening. ChrisA
[toc] | [prev] | [next] | [standalone]
| From | Hrvoje Niksic <hniksic@xemacs.org> |
|---|---|
| Date | 2011-11-20 22:44 +0100 |
| Message-ID | <8762iesc3q.fsf@xemacs.org> |
| In reply to | #15964 |
Andrew <andrew.chapkowski@gmail.com> writes:
> How to do you create a server that accepts a set of user code?
[...]
Look up the "exec" statement, the server can use it to execute any code
received from the client as a string.
Note "any code", though; exec runs in no sandbox and if a malicious
client defines addition(1, 2) to execute os.system('sudo rm -rf /'), the
server will happily do just that.
[toc] | [prev] | [next] | [standalone]
| From | Christian Heimes <lists@cheimes.de> |
|---|---|
| Date | 2011-11-21 01:27 +0100 |
| Message-ID | <mailman.2881.1321835300.27778.python-list@python.org> |
| In reply to | #15969 |
Am 20.11.2011 22:44, schrieb Hrvoje Niksic:
> Andrew <andrew.chapkowski@gmail.com> writes:
>
>> How to do you create a server that accepts a set of user code?
> [...]
>
> Look up the "exec" statement, the server can use it to execute any code
> received from the client as a string.
>
> Note "any code", though; exec runs in no sandbox and if a malicious
> client defines addition(1, 2) to execute os.system('sudo rm -rf /'), the
> server will happily do just that.
It's possible to sandbox Python code, see
http://docs.python.org/library/rexec.html,
http://code.activestate.com/recipes/496746-restricted-safe-eval/ or TTW
code (through the web) in Zope. However the sandboxing is limited and
you really need to know what you are doing.
[toc] | [prev] | [next] | [standalone]
| From | alex23 <wuwei23@gmail.com> |
|---|---|
| Date | 2011-11-20 20:26 -0800 |
| Message-ID | <4e7f81b4-f394-40fa-91ff-fcc6a27d9a1c@k5g2000pre.googlegroups.com> |
| In reply to | #15972 |
On Nov 21, 10:27 am, Christian Heimes <li...@cheimes.de> wrote: > It's possible to sandbox Python code, see > http://docs.python.org/library/rexec.html Although this has been deprecated since 2.6 & removed from 3.x (and cautioned against for as long as I've used Python). PyPy provides some sandboxing functionality that might be useful here: http://codespeak.net/pypy/dist/pypy/doc/sandbox.html
[toc] | [prev] | [next] | [standalone]
| From | Nizamov Shawkat <nizamov.shawkat@gmail.com> |
|---|---|
| Date | 2011-11-21 07:28 +0100 |
| Message-ID | <mailman.2886.1321856887.27778.python-list@python.org> |
| In reply to | #15964 |
2011/11/20 Andrew <andrew.chapkowski@gmail.com>: > Hello List, > > How to do you create a server that accepts a set of user code? > > For example, > > I would like to send this function: > def addition(x,y): > return x+y > and have the socket server perform the operation and send is back to > the end user. > > Question 2: > On that same server, I want a user to be able to pass a file to the > server along with code. What is the best way to pass file to the > server? > > > Thank you for any suggestions or resources you can provide. > > Andrew > -- > http://mail.python.org/mailman/listinfo/python-list > Check for Pyro - it allows creation of objects on client side while running them on server side. Pyro makes this process almost transparent using proxy objects. Hope it helps, S.Nizamov
[toc] | [prev] | [standalone]
Back to top | Article view | comp.lang.python
csiph-web