|
Boost : |
From: williamkempf_at_[hidden]
Date: 2001-11-09 16:06:37
--- In boost_at_y..., "Ed Brey" <edbrey_at_y...> wrote:
> From: <williamkempf_at_h...>
> > Python scripts like this would be nice to place on the Wiki.
>
> Scripting code on a Wiki sounds dangerous. After a script has been
posted, a malicious user could come in and modify the script to
include some nasty code. Per the Wiki spirit, the bad code will be
detected and easily undone; however, until then, the script can have
its way with unsuspecting users with unfortunate timing.
>
> I know that Python has a restricted execution environment, which
can clamp down on what untrusted code can do. Perhaps a Python
expert can provide some words of advice in this area.
A valid concern, but I wouldn't expect anyone to run a script they
did not evaluate. Scripts provided by someone else are dangerous
regardless of the "deployment" mechanism. However, their usefulness
is such that it's nice to have them shared.
Bill Kempf
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk