use of exec()
Chris Angelico
rosuav at gmail.com
Thu Oct 18 11:16:46 EDT 2012
More information about the Python-list mailing list
Thu Oct 18 11:16:46 EDT 2012
- Previous message (by thread): use of exec()
- Next message (by thread): use of exec()
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Oct 19, 2012 at 2:00 AM, lars van gemerden <lars at rational-it.com> wrote: > I get your point, since in this case having the custom code option makes the system a whole lot less complex and flexible, i will leave the option in. The future customer will be informed that they should handle the security around the designers as if they were programmers. Aditionally i will probably add some screening for unwanted keywords (like 'import') and securely log any new/changed custom code including the designer account (must do that for other actions anyway). That sounds like a reasonable implementation of Layer Eight security. As long as everyone understands that this code can do ANYTHING, you'll be fine. You may want to add some other programmatic checks, though; for instance, a watchdog timer in case the code gets stuck in an infinite loop, or a memory usage limit, or somesuch. Since you're no longer worrying about security, this sort of thing will be fairly easy, and will be just to help catch common errors. ChrisA
- Previous message (by thread): use of exec()
- Next message (by thread): use of exec()
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list