[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] pygame web plugin

To: pygame-users@xxxxxxxx
Subject: Re: [pygame] pygame web plugin
From: Ron Dippold <sizer@xxxxxxxxxx>
Date: Sun, 07 Sep 2008 13:56:52 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: pygame-users-outgoing@xxxxxxxx
Delivered-to: pygame-users@xxxxxxxx
Delivery-date: Sun, 07 Sep 2008 16:56:59 -0400
In-reply-to: <7c1ab96d0809071049j5a5bcf02p2619ab9494fc59b0@xxxxxxxxxxxxxx>
References: <7c3dfb90809051707yf077b20u188ba5d1f81bfcbe@xxxxxxxxxxxxxx> <60f02aeb0809061017n262be29cn2b7d0bfe418ee4bf@xxxxxxxxxxxxxx> <48C32CAF.4000406@xxxxxxxxxxxxxxxx> <BB47DD27-71F1-48EE-9EB3-CC367E26B048@xxxxxxxxxxxxxx> <7c1ab96d0809071049j5a5bcf02p2619ab9494fc59b0@xxxxxxxxxxxxxx>
Reply-to: pygame-users@xxxxxxxx
Sender: owner-pygame-users@xxxxxxxx
User-agent: Thunderbird 2.0.0.16 (Windows/20080708)

This is something Java actually does pretty well. I dislike it for the most part, but its sandboxing is better than anything I've ever seen (except certain secure OSes). Flash actually does it pretty well now too, though holes keep turning up occasionally. Interestingly, unless they've changed Flash or Java recently, I don't think there's anything that limits the amount of cpu or memory usage since I still see one occasionally running off into the weeds. The solution is just 'fix or don't run that jar/swf'.

Anyhow, a security model needs to be included from the ground up, and python went for the opposite approach - giving you near unlimited power to tinker with things. Which is just great from an app dev standpoint - as long as you don't hang yourself it's astoundingly easy to make huge fundamental changes with small amounts of code. But its horrible if you're then trying to prevent the code from doing 'naughty' operations. There have been at least half a dozen attempts to sandbox python I can think of, all of which failed, scuttled by some obscure reef that ends up making the whole thing useless (because if there's a single hole, that's sufficient to blow the whole thing wide open). You're welcome to try again, of course, but at least research past efforts first.

Porting python to a bytecode interpreter that's already secure has been the most successful so far (Jython, IronPython), and I really like the idea of using PyPy to convert to Flash. That seems the way to go to me, since everyone has Flash.

Ron

Follow-Ups:
- Re: [pygame] pygame web plugin
  - From: Bob Ippolito
- Re: [pygame] pygame web plugin
  - From: machinimist@xxxxxxxxx

References:
- [pygame] pygame web plugin
  - From: machinimist@xxxxxxxxx
- Re: [pygame] pygame web plugin
  - From: J Dunford
- Re: [pygame] pygame web plugin
  - From: Greg Ewing
- Re: [pygame] pygame web plugin
  - From: Noah Kantrowitz
- Re: [pygame] pygame web plugin
  - From: Campbell Barton

Prev by Author: Re: [pygame] Question - Comparing strings
Next by Author: Re: [pygame] SoundAnalyse
Previous by thread: Re: [pygame] pygame web plugin
Next by thread: Re: [pygame] pygame web plugin
Index(es):
- Author
- Thread