In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says... > > Would this sufficient? Are there any drawbacks or giant gaping holes? > > I'm anticipating that I'd also need to block 'exec' and 'eval' to > > prevent an import from being obfuscated past the pre-parse. > > > > Or is this a hopeless cause? > > Yes. There have been numerous discussions about this, and there are so > many different ways to overcome such imposed limitations - it won't work. > > > > > Finally, either way, would anyone recommend a different script engine > > that might be more suitable for what I'm trying to accomplish that I > > might not have looked at. I don't need much; it needs to work with C#, > > and be able to easily interact with 'published' interface. I'd also like > > to leverage a "popular" language instead of something obscure. > > Maybe LUA? I only heard that it's well suited for such tasks. > > The overall question for me is: Why crippled acess at all? What do you > fear your users could do that harms you or others? There are of coures > valid reasons, I don't question that generally. E.g. applets and the > like. So what is the actual usecase?
Basically I just want a language to allow users to write macros, interact with application objects, set property values, sequence operations, supporting loops and branch logic and so forth. Something along the lines of a drawing program that allowed uers to write and/or download scripts to perform batches of arbitrary (parameterized) operations. e.g.scripts along the lines of: function drawfan(x,y,r) i=45 while (i<90) if i.isEven() color=red; else color=blue; PublishedInterface.Drawline(x,y, x+r*sin(i), y+r*cos(i),color) i++ end while I want the 'worst case' a malicious script to be able to accompish to be a program crash or hang. regards, -- http://mail.python.org/mailman/listinfo/python-list