{{code}} - it's not pure Python, it's using Python as template language >From {{code}} it's possible to access all web2py environment (session, request and etc. ) I think, If you want to execute users' code at your server, you have to execute it as separate process under truncated system account (sandbox) or you can write your own truncated Python-like interpreter (it's more interesting and flexible solution) - see Python Doc.
On Saturday, March 21, 2015 at 8:55:32 AM UTC+2, Robin Manoli wrote: > > Hey! > I'm wondering if it is possible to use {{code}} in a more secure way, like > disabling some basic python commands such as import. If I want some users > to be able to write their own python code, and then the python code is > stored in the db, but I don't want them to be able to access the file > system on the server, or other security issues. > > In fact what I really need is some if-else conditions and some local > variables. > > Any ideas? > > - Robin > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.