Jon Ribbens <jon+use...@unequivocal.co.uk> writes: >> That string decodes to "__private". > Yes, and? ... The namespace > I was suggesting didn't provide access to any objects which have a > 'get()' method which would access attributes.
I see, I forgot that getattr is a function, not an object method. Though, now you've got the problem that there isn't enough capability left to do much interesting. I used web.py for a while, that had a complete interpeter for a sandboxed Python-like language written in Python itself. That's a brutal way to deal with the problem, and it had annoyances, but it seemed to work. You presumably also want to limit CPU usage etc. Geordi (the C++ irc bot) now just launches the user script in a Docker container, I think. Before that it had some fancier sandboxing approaches. Lua is supposed to be easy to embed and sandbox. It might be interesting to write Python bindings for the Lua interpreter sometime. -- https://mail.python.org/mailman/listinfo/python-list
