Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2009-February/086456.html below:

[Python-Dev] Python jail: whitelist vs blacklist

• Previous message: [Python-Dev] Python jail: whitelist vs blacklist
• Next message: [Python-Dev] Core sprint page for PyCon 2009 now up
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Victor Stinner wrote:
> This approach was implemented in PyPy using two interpreters. 
> 
> In CPython, we may use proxies on anything to check all operations.
>   jail   -- validations --> real world
>   jail <-- proxy objects -- real world
> 
> tav's jail might be converted to the whitelist approach:
>  - add proxy to __builtins__
>  - add proxy to globals()
>  - add proxy to dir()
>  - ... well, add proxies to anything going to the jail ;-) and make sure that
>    a proxy can not be modified by itself or read private attributes
> 
> My approach is maybe naive and imposible to implement :-)

Something similar to your approach is already implemented in Zope 3's
security system. Have a look at
http://svn.zope.org/zope.security/trunk/src/zope/security/

Christian

• Previous message: [Python-Dev] Python jail: whitelist vs blacklist
• Next message: [Python-Dev] Core sprint page for PyCon 2009 now up
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4