On Thu, May 28, 2009 at 09:06:14PM -0400, Andrew Dunstan wrote:
> Does Python 3 have some sort of usable sandbox that would mean we could
> have a trusted plpython?
Not sure if people are aware of object-capability based approaches to
security. A guy called Tav has come up with some code that constrains
python (i.e. you could build a sandbox out of it) and punch holes in
it where needed (i.e. you want to be able to execute queries in the
database but otherwise not, say, touch the filesystem). The most recent
description I've found is:
http://tav.espians.com/paving-the-way-to-securing-the-python-interpreter.html
-- Sam http://samason.me.uk/