I know it's not possible to "sandbox" the Python Interpreter like you can the Java VM, but I'm wondering if there is a way to at least lock down internet access? Trying to do it at the O/S service level on Windows like ZoneAlarm does isn't feasible for me, but I thought there might be a way to do it at the Python Interpreter level in a way that would be hard to get around through clever code forming.
My application will be running several out of process Python Interpreters in a server pool. My desire is to at least keep authors from creating a situation where they are downloading Python scripts from a web server and running them, unless the owner of that station trusts a particular author enough to grant that kind of access. Is there any way to do this that's more bulletproof than trying to restrict access to known Socket based libraries? In other words, something that could stop things at the Socket level rather than trying to shepherd the situation by preventing the use of certain modules? Thanks, Robert -- http://mail.python.org/mailman/listinfo/python-list
