Hi,
I'm extremely new to python, and am looking at using it as an embedded
script engine in a dotnet project I'm working on. I'm currently playing
with the "Python for Net" (http://www.zope.org/Members/Brian/PythonNet)
stuff, and it seems to work well.
Googling for information on securing Pyth
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > Would this sufficient? Are there any drawbacks or giant gaping holes?
> > I'm anticipating that I'd also need to block 'exec' and 'eval' to
> > prevent an import from being obfuscated past the pre-parse.
> >
> > Or is this a hopeless
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> 42 wrote:
> > I was wondering if it would be effective to pre-parse incoming scripts
> > and reject those containing "import"?
>
> getattr(__builtins__, '__imp' + 'ort__')(&#
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> 42 wrote:
> > Thoughts? Still gaping holes?
>
> Certainly. And rather than rehash them all here, I'm going to suggest
> you check the comp.lang.python archives for any of the many past
> discussions
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> Clearly, Pyton does not directly offer any kind of useful security sandbox
> capability, but since Java does, I suppose JPython is an option. I know there
> are a lot of downsides to JPython, but it should be a genuine solution to the
>
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> 42 wrote:
> > But for what its worth, I *am* curious what sorts of holes persist. I
> > did try googling the archives, but with no idea what I'm looking for --
> > python security brings up a mess
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> 42 wrote:
> > Or is this a hopeless cause?
> >
> > Finally, either way, would anyone recommend a different script engine
> > that might be more suitable for what I'm trying to accomplish that I
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> 42 wrote:
> > I was planning on "sanitizing" the language instead of relying on rexec
> > and bastion so issues with them shouldn't be relevant.
>
> I think in dealing with security, deciding
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> 42 wrote:
> > FWIW I've already given up on making python secure. I agree that odds
> > are extremely high that I've missed something. I'm just curious to see
> > what one of the holes I
On Sunday 04 March 2007 13:56, bahoo wrote:
> I have ssh access to two linux machines (both WITHOUT root account),
> and I'd like to copy data from one to another.
> Since the directory structure is different, I want to specify in a
> script (ideally in python, because that's what I want to learn)
Hi,
I'm new to this group. I've tried finding my answer in existing messages,
but no such luck.
What I want to do is to compile/bundle/prepare/whatever_term a simple
Python script for deployment on a Windows machine. Installing Python
itself on that machine, is not an option. Ideally I would like
On Wednesday 17 January 2007 03:33, Gabriel Genellina wrote:
> At Tuesday 16/1/2007 19:49, Rikishi 42 wrote:
>
>>What I want to do is to compile/bundle/prepare/whatever_term a simple
>>Python script for deployment on a Windows machine. Installing Python
>>itself on that m
On Wednesday 17 January 2007 00:22, James Stroud wrote:
>> There is nothing graphical, nothing fancy about the script.
>> The only imports are: os, stat, string and time.
>>
>> Any suggestions on an - easy and clear - path to follow ?
>
>
> pyinstaller + innosetup.
I will look into it, thanks!
On Wednesday 17 January 2007 00:48, Larry Bates wrote:
>> There is nothing graphical, nothing fancy about the script.
>> The only imports are: os, stat, string and time.
>>
>> Any suggestions on an - easy and clear - path to follow ?
> I use py2exe and inno installer. Works great.
Thanks, I wil
On Thursday 18 January 2007 10:13, robert wrote:
> stay with py23 for "a script" (and more) and make <700kB
> independent distros - UPX and 7zip involved:
>
> http://groups.google.com/group/comp.lang.python/msg/edf469a1b3dc3802
Thanks, that might be an option. But I might just convince the person
15 matches
Mail list logo
