We had some discussion of this in the edu-sig meeting at PyCon. I alleged that I had read that there is no such thing as a Python sandbox. Others claimed that one could simply preprocess and disallow "dangerous" constructs. My allegation was based on an argument from authority; I recalled reading the assertion from one of the c.l.p. regulars that I consider authoritative, though I don't remember which (Frederick, Alex, Aahz perhaps?).
This is all in relation to why the rexec module went away, and is certainly relevant to what can be achieved in the sphere of teaching with python in general, and teaching python with python in particular. I refer you in particular to these messages from BDFL: http://mail.python.org/pipermail/python-dev/2002-December/031246.html http://mail.python.org/pipermail/python-dev/2002-December/031251.html So what is the scoop? Why does Guido say there is no such thing as a secure Python, and (as is generally reasonable) presuming he is correct on the matter, how can these sites work safely? thanks mt -- http://mail.python.org/mailman/listinfo/python-list
