[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] Scripting language



Hmm true for file opening. Adding paths needs the OS module, but you're right.

I like the way Brian just sent before. I dont know any language that restricts its usage (would be neat feature for certain projects).


Am 19.12.2006 um 00:27 schrieb Jakub Piotr CÅapa:

Farai Aschwanden wrote:
Ok, as far as I understand now you want to let players changing their Avatars over a script language via Internet. Hmmm, nice feature letting players create their own scripts. Well, Im not a security guy but letting others use any (script) language that is technically able to access the directory structure of the system is risky. Whether its Python or any other not self written language you want to offer to you users I only see the following options:
- The user scripts are running on a exposed machine
- The user rights are strongly restricted
- The script language you offer to players is limited in its functionality (checking commands of players must be done then)
Maybe it already helps if you dont allow certain import functionalities (specially no direct disk access).

The problem is that disk access is a built-in in Python. And if you want to expose anything than you leave a way to go through your function to your module and than to anything you want. That's the reason why restricted execution was withdrawn from the stdlib. Nobody seems to care about security enught to handle this (rather difficult) problem.


--
regards,
Jakub Piotr CÅapa