"Frank Millman" <fr...@chagford.com>:

> If I store the business rule in Python code, how do I prevent
> untrusted users putting malicious code in there? I presume I would
> have to execute the code by calling eval(), which we all know is
> dangerous. Is there another way of executing it that I am unaware of?

This is a key question. A couple of days back I stated the principle that a programming language is better than a rule language. That principle is followed by PostScript printers, Java applets, web pages with JavaScript, emacs configuration files etc.

The question is how do you get the desired benefits without opening the door to sabotage. You have to shield CPU usage, memory usage, disk access, network access etc.

You can google for solutions with search terms such as "python sandbox", "linux sandbox" and "linux container sandbox".

Marko
-- 
https://mail.python.org/mailman/listinfo/python-list
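
The CPU and memory shielding mentioned in the reply above, as an added example that is not part of the original thread: the rule runs in a separate Python process under kernel resource limits instead of being passed to eval() in the application itself. It assumes Linux; `run_rule`, `_apply_limits`, `CHILD` and the limit values are hypothetical names and numbers chosen for illustration.

```python
import json
import resource
import subprocess
import sys

# Wrapper executed inside the child: run the rule, emit its `result` as JSON.
CHILD = (
    "import json, sys\n"
    "job = json.load(sys.stdin)\n"
    "ns = dict(job['inputs'])\n"
    "exec(job['rule'], ns)\n"
    "json.dump(ns.get('result'), sys.stdout)\n"
)

CPU_SECONDS = 1               # CPU time before the kernel sends SIGXCPU
MEMORY_BYTES = 512 * 2**20    # address-space ceiling for the child
WALL_SECONDS = 5              # wall-clock cap, catches sleep() and blocking I/O


def _apply_limits():
    # Runs in the child between fork() and exec(), so only the child is limited.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS + 1))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_BYTES, MEMORY_BYTES))
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))   # regular files cannot grow
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))    # no core dumps


def run_rule(rule_source, inputs):
    """Return (ok, value); ok is False if the rule crashed or hit a limit."""
    job = json.dumps({"rule": rule_source, "inputs": inputs})
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-B", "-c", CHILD],
            input=job, capture_output=True, text=True,
            timeout=WALL_SECONDS, preexec_fn=_apply_limits,
            env={},               # do not hand the parent's environment to the rule
        )
    except subprocess.TimeoutExpired:
        return False, "wall-clock timeout"
    if proc.returncode != 0:
        return False, f"exit status {proc.returncode}"
    return True, json.loads(proc.stdout)
```

These limits cover CPU, memory and file growth only. The child can still read files and open sockets, so disk and network access need the OS-level sandbox or container the reply points to.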