On 11/18/21 21:00, Dan Stromberg wrote:
On Thu, Nov 18, 2021 at 6:19 PM Chris Angelico <ros...@gmail.com> wrote:
On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsali...@gmail.com>
wrote:
On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <ros...@gmail.com>
wrote:
If you're trying to make a Python-in-Python sandbox, I recommend not.
Instead, use an OS-level sandbox (a chroot, probably some sort of CPU
usage limiting, etc), and use that to guard the entire Python process.
Python-in-Python will basically *never* be secure.
Good advice to not try to sandbox python.
But chroot can sometimes be broken out of. It isn't a cure-all.
That's true, but it's way better than attempting Python-in-Python
sandboxing. In any case, all the options worth investigating will be
at the OS level.
(Or maybe higher, but I can't imagine it being practical to create
individual VMs for each client who comes to the web site.)
Actually, there are ports of CPython and Micropython that run inside a web
browser over WASM. Going with one of these might be safer.
indeed... see pyodide
https://github.com/pyodide/pyodide
--
https://mail.python.org/mailman/listinfo/python-list
