> As Fredrik points out, embedded Python isn't the same as running > untrusted code. The reality is, Python has not been designed for running > untrusted code safely.
So how do python app's typically embed python? For example things like Zope and idle are scripted using Python - presumably they restrict the execution of the scripts to a restricted set of modules/objects - but how is this done? Perhaps idle doesn't require safety from untrusted code, but surely Zope does. So there must be some way of executing arbitrary untrusted code in an app within some kind of sandbox... -- http://mail.python.org/mailman/listinfo/python-list
