Re: [pygame] Scripting language
Farai Aschwanden wrote:
Ok, as far as I understand now you want to let players change their
Avatars over a script language via Internet. Hmmm, nice feature letting
players create their own scripts. Well, I'm not a security guy but
letting others use any (script) language that is technically able to
access the directory structure of the system is risky. Whether it's
Python or any other not self-written language you want to offer to your
users I only see the following options:
- The user scripts are running on an exposed machine
- The user rights are strongly restricted
- The script language you offer to players is limited in its
functionality (checking commands of players must be done then)
Maybe it already helps if you don't allow certain import functionalities
(especially no direct disk access).

The problem is that disk access is a built-in in Python. And if you want
to expose anything then you leave a way to go through your function to
your module and then to anything you want. That's the reason why
restricted execution was withdrawn from the stdlib. Nobody seems to care
about security enough to handle this (rather difficult) problem.
--
regards,
Jakub Piotr Cłapa
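
The reply's point about going "through your function to your module", shown as an added example that is not part of the original message: a script run with no builtins and a single exposed host function still reaches `open`. The names `set_avatar_color`, `run_player_script`, `script_reached_open` and `audit_exposed` and both sample scripts are constructed for illustration.

```python
# Added illustration; all names and sample scripts here are hypothetical.
AVATAR = {"color": "grey"}

def set_avatar_color(name):
    """The one host function the game means to expose to player scripts."""
    AVATAR["color"] = str(name)

def run_player_script(source):
    """Naive 'restricted' execution: empty builtins, one exposed function."""
    env = {"__builtins__": {}, "set_avatar_color": set_avatar_color}
    exec(source, env)
    return env

# Constructed sample scripts.
HONEST_SCRIPT = 'set_avatar_color("red")'
# Uses no import and no builtin name: it only follows the exposed function
# back to the namespace of the module that defined it.
PROBING_SCRIPT = 'found = set_avatar_color.__globals__["__builtins__"]'

def script_reached_open(source):
    """Return True if the script ended up holding the real builtin open()."""
    found = run_player_script(source).get("found")
    if found is None:
        return False
    # __builtins__ is a module in __main__ and a dict in imported modules.
    namespace = found if isinstance(found, dict) else vars(found)
    return namespace.get("open") is open

def audit_exposed(env):
    """List exposed names whose object leaks a module namespace."""
    return sorted(name for name, obj in env.items()
                  if name != "__builtins__" and hasattr(obj, "__globals__"))

if __name__ == "__main__":
    print("honest script reached open():", script_reached_open(HONEST_SCRIPT))
    print("probing script reached open():", script_reached_open(PROBING_SCRIPT))
    print("leaky exposed names:",
          audit_exposed({"set_avatar_color": set_avatar_color, "max_hp": 100}))
```

Any plain Python function handed to the script carries `__globals__`, so the audit flags every such entry; this is why the options listed in the quoted message (a separate machine, restricted user rights, or a deliberately limited language) sit outside the interpreter rather than inside it.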