[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] pygame web plugin



J Dunford wrote:
On Fri, Sep 5, 2008 at 6:07 PM, machinimist@xxxxxxxxx <mailto:machinimist@xxxxxxxxx> <machinimist@xxxxxxxxx <mailto:machinimist@xxxxxxxxx>> wrote:

    hi,
i would like to bring up this topic again since a python based
    open source alternative to flash which could be used to create
    browser games would be super awesome. :)
if i understand this correctly then the main problem of something
    like that is security.

In my experience, the general consensus with sandboxing python is - don't try it. There are simply too many holes to plug, and finding them in the first place is often a matter of trial and error.

Having said that, there was a blog post recently (sorry, don't remember where) that talked about compiling Python into Tamarin VM code. There was some mention of either using PyPy as a starting point, or perhaps as a reference model.

So what you're proposing may already be in the works. :)



Sandboxing python must be done at the operating system and process level, not with Python itself. Google is already running tons of "untrusted" python code with their Google App Hosting. The interpreter and modules are modified a bit themselves, but the real security comes from real process sandboxing.

I also believe you can do pretty good sandboxing with different Python runtimes. I think Jython and Ironpython can both be run in containers that those systems provide. The default "CPython" interpreter can probably only be as secure as C itself.