Re: Safe-Python?

jredford@seelebrennt.lehman.com
Thu, 29 Sep 94 08:58:15 -0400

> jredford@seelebrennt.lehman.com wrote:
> [munch]
> : And the other alternative is to look at the existing solution, a
> : custom language. Modify the flavoring, and turn the safety crank, and
> : you turn Python into MOO.

Ok. Tip for the future. Don't make vague stmts & assume people will see
the invisible reasoning.

> What's wrong with that ? Personally, I rather have a nice little language
> that I can write my scripts in, my Web Server, my MUD and especially my curses
> based menu system. Thus, I could have everything under one umbrella.

.. Or really a few umbrellas. Let's get real here folks. If there is
some wankadellic "exec_with_armed_guards_and_sentries()" then everyone
& his brother will provide a different list of "safe" calls to this
beast. This means you suddenly have no idea if your code will run from
here to there.

_WHY_ do you find it so compelling to want 1 grand unified language? I
use about 8 different languages for various things, each in its proper
place. The bizarre quest for 'consistent syntax' is something I don't
understand. I wouldn't want LISP with Python syntax, it makes no sense;
but there are things that can be programmed quite nicely in LISPy
dialects.

> Can it be made safe ? ... sure , I don't see why not.

I do. It wasn't designed to be safe from the start. From my own past
experience with Python internals, I simply have no faith that
reasonable security could be achieved w/o an 80% rewrite.

I might also add that this silly "exec_with_funky_params()" would be
slow as hell, compared to the normally quick speed of precompiled
Python.

> I'd like Python "safe" so that I can accomplish my idea of client/server
> Python, where a local Python interface "compiles" its request and shoots it to
> the server for execution. Then, if the server can feedback code in a similar
> way that gets executed locally. In the end, such query system will surpass
> plain HTML, which lacks standards in "on the fly" templates, image overlay,
> positioning control and more.

Well, just to make a brief assumption about what kind of code you'd
write... It would not be possible to efficiently (maybe at all)
compile the code on the client side, as it _should_ be making
references to code & data that is private to the server; if not, then
you are likely overdesigning. (ie, If the client has all the data & code,
why doesn't it just execute it?).

And pardon me for pointing out that "better" ideas with bigger
buzzwords rarely win over "poor standards".

--
John Redford (AKA GArrow) | 3,600 hours of tape.
jredford@lehman.com       | 5 cans of Scotchguard.