On Thu, May 28, 2009 at 09:06:14PM -0400, Andrew Dunstan wrote: > Does Python 3 have some sort of usable sandbox that would mean we could > have a trusted plpython?
Not sure if people are aware of object-capability based approaches to security. A guy called Tav has come up with some code that constrains python (i.e. you could build a sandbox out of it) and punch holes in it where needed (i.e. you want to be able to execute queries in the database but otherwise not, say, touch the filesystem). The most recent description I've found is: http://tav.espians.com/paving-the-way-to-securing-the-python-interpreter.html -- Sam http://samason.me.uk/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
