On Sat, Dec 20, 2003, Luke Kenneth Casson Leighton wrote: > On Sat, Dec 20, 2003 at 10:16:29AM -0500, Aahz wrote: >> >> Supposedly there's a middle ground of untrusted but non-hostile code, >> but what's the point of providing support for that? > > the example that i gave that was because i wanted to offer a subset > of python functionality to end-users such that they could run > DNS lookups, pings, check a web page existed, telnet to a box, > run commands and check the output. > > to some extent, i didn't care about things like __class__ because > 1) the users weren't that bright. > 2) the user's weren't that hostile. Yup. By "what's the point?" I didn't mean that there were no use cases; the problem is that such cases are not frequent enough to justify the effort. > rexec fitted the requirements perfectly - and it still does: it's > just been disabled and also changed into something that stops even > the library functions from writing to log files. > i couldn't even use the MySQLdb module which was kinda critical to > the database-driven backend. Well, you're free to maintain rexec as a separate project (or borrow from the still-maintained Zope system). But anything shipped as part of Python can't afford to assume your points 1) and 2). -- Aahz (aahz at pythoncraft.com) <*> http://www.pythoncraft.com/ Weinberg's Second Law: If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4