Thanks again Richard, Dave for your useful hints. Just to clarify, the need of trusting a user with formula editing is for allowing a non-IT trusted user to edit the business logic that has to be processed in an application. That means getting data from the database, processing it, storing the results in the database. Dictionaries proved to be a safe way to deliver and receive data to/from the business rules.
Traditionally, this issue has been solved before with a business rules engine. Drools (http://www.drools.org/) is a good example I got to know, and I was looking for something similar for python when I realized that it is not easy to find those tools for python, probably because this language is easy enough. With regard to Jupyter, it has been for a long time in my radar, but I had no time to get to it. As for what I have read, Jupyter would be safe place to allow people to operate with the data but maybe there is no easy way to allow the user to give back the processed data, as Richard mentiond, but maybe I'm wrong. I don't foresee a lot of people editing formulas. This would be a critical task assigned to a well known and trusted user. Until now, as for the suggestiongs received I'm more inclined to explore the DSL way or creating a safe sandbox in python. Thank you guys for your useful help and interest. Best regards. El jueves, 28 de abril de 2016, 22:33:29 (UTC+2), Richard escribió: > > Good points... I forgot about the aspect of changing site way to make > calculation... At the same time, I understand the need as more specific for > some user the rest of the crowd stock with the basic calculation if they > don't know how to hack their own calculation function... In this context > Jupyter seems a good choice... It may seems odd to add such a dependancy > for the need at first but considering that your application can evolve and > you may be victim of the success you may need to extend the user base of > the feature and at some point you will not be able to "trust" your user(s) > (if you ever be able too)... > > On Thu, Apr 28, 2016 at 3:13 PM, Dave S <snide...@gmail.com <javascript:>> > wrote: > >> On Thursday, April 28, 2016 at 12:01:50 PM UTC-7, Richard wrote: >>> >>> Why not just found a way to attach Ipython notebook (which seem to had >>> been renamed Jupyter) to your app?? >>> >>> https://jupyter.org/ >>> >>> By providing dataset over which users can interact with... I am not sure >>> exactly how to do that, but one idea could be to db select data that user >>> can play with inside a module that can be import in an notebook... >>> >>> It would be very powerful and you don't have to care about security as >>> it assured by ipython notebook... >>> >>> Richard >>> >> >> That would be appropriate if the user just needs to play around with the >> data because they're looking for something interesting, or need a one-time >> calculation. >> >> If the user ("semi-administrator") needs to change how the website does a >> calculation that other users will see, a DSL would seem to be more >> appropriate. Or maybe one of those visual programming things where you use >> "virtual Lego(tm) pieces" which are compute blocks that you connect up (I >> don't know of any of those that would fit in as an IDE the way the web2py >> IDE fits the admin app). Yet Another Option would be a server-side sandbox >> that could flag unsafe actions, but I have no information on such a beast. >> >> /dps >> >> >>> >>> >>> >>> On Thu, Apr 28, 2016 at 2:31 AM, Carlos Kitu <carlo...@gmail.com> wrote: >>> >>>> Thank you very much Leonel. This is also a very useful hint. As with >>>> the previous recommendation I need a deeper knowledge about the subject to >>>> make a decission, and this is a good point to start with. >>>> >>>> Thank you and best regards. >>>> >>>> El miércoles, 27 de abril de 2016, 14:48:18 (UTC+2), Leonel Câmara >>>> escribió: >>>>> >>>>> Have you considered creating a DSL? Creating a DSL in python is quite >>>>> easy. Python might be easy but it is still an imperative language, >>>>> non-programmers don't think in either imperative or functional terms, >>>>> they >>>>> think declaratively, they want to declare what they want to the computer >>>>> and let it figure it out how to do it. >>>>> >>>> -- >>>> Resources: >>>> - http://web2py.com >>>> - http://web2py.com/book (Documentation) >>>> - http://github.com/web2py/web2py (Source code) >>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "web2py-users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to web2py+un...@googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to web2py+un...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
