In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says... > 42 wrote: > > Thoughts? Still gaping holes? > > Certainly. And rather than rehash them all here, I'm going to suggest > you check the comp.lang.python archives for any of the many past > discussions about this before you spend too much time thinking > (repeatedly) that you've nailed that one last hole only to have somebody > point out yet another way around it. > > -Peter >
Fair enough. I'm more or less ready to 'give up' on this fantasy of python in a sandbox. I'll either use something else, or just accept the risk. :) But for what its worth, I *am* curious what sorts of holes persist. I did try googling the archives, but with no idea what I'm looking for -- python security brings up a mess of unrelated issues... Python in Apache, rexec/bastion stuff, xss, issues with infinite loops and many other 'security' issues that might be relevant to someone running python on a web server where you have to be concerned about DOS but not of any concern to me... and so on and so forth. Can you, or someone, at least give me a few keywords I should be looking for that will bring matches for the sorts of attachs you've hinted at? Mostly just to satisfy my curiousity. -regards, Dave -- http://mail.python.org/mailman/listinfo/python-list
