Does Python have a sort of cooperative "pass" command? Whilst little
(other than an external monitoring process, assuming the monitor gets a
chance to do its thing) will stop someone writing this code;-
echo "hi mum"
a call like
echo "hi mum"
could be dealt with by having regular 'pass' type commands liberally
inserted into various api calls. Now, granted it's a little bit hacky to
do that, but it may well work.
One thing to keep in mind is that Python (and most any language, except
perhaps 'managed' code like Java or .NET) threading implementations will
change from OS to OS.
but there should be some sort of 'pass' command.
Actually, now I think about it, a simple 'wait' type thingo should do the
oh god, not near my manuals, sorry for the vague :(
Off topic, I wonder how well Webware works on Stackless Python, because
many of these issues have quite elegant solutions with actors/green
On Tue, 20 Jun 2006, Oliver Bock wrote:
> I completely take your point that you cannot stop malicious users
> abusing scripting facilities. (Although if it weren't for the import
> statement, I think you could provide a limited set of functions in
> __globals__ and limit the abuse to overuse of the CPU.)
> I think I should explain the system: the software allows the design and
> execution of web surveys. The people writing code are constructing
> surveys and sometimes need to write Python fragments to decide (for
> example) which question is shown next. These designers work in house
> and are trusted, but not sophisticated programmers. The people who fill
> in the surveys (the great bulk of the activity) are not trusted and
> cannot write Python fragments.
> Unfortunately it's the nature of the business that the designers need to
> change the surveys and write code while the project is in field, so a
> separation into a development and a production system is not practical.
> So, these survey designers occasionally write infinite loops, and don't
> find them during testing. Then we invite 10000 people to do the survey
> and some of them (by some weird combination of answers) find the
> infinite loop in the code that is run on their behalves. Each of these
> users locks up a thread until none remain. (Or one user will lock up
> several via retries.) Then the server effectively stops working for
> _all_ in-progress users, most of whom get annoyed, give up, and stop the
> I'm looking for a better way to manage this situation.
> Shayne O'Neill wrote:
>> Or to clarify I mean you can't offer scripting to users, and make it so it
>> can't be abused. One of my old projects was to embed Python in the Citadel
>> groupware server [fun fact, I got Webware working from inside the Citadel
>> server] and yeah, couldn't make it secure at all, so ended up with signed
>> scripts in a secure directory only.
>> On Tue, 20 Jun 2006, Shayne O'Neill wrote:
>>> Hmm. Ok. What I'm getting at, is that I'm presuming that these scripts are
>>> at an administrative level? Python absolutely cannot be made secure.
>>> There were attempts a while back at it, but it was found that it simply
>>> can't be done.
>>> Oh yeah, totally offtopic, but regarding the 'penis enhancing drug' thing,
>>> akismet has a python library, and it works the charm. I've integrated
>>> akismet into all my sites now, and one that was clocking a good 200+ spams
>>> a day has dropped to none.
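Added example, not part of the original thread and not Webware code: one way to keep an accidental infinite loop in a trusted designer's fragment from holding a worker thread, by giving each fragment a line and wall-clock budget through `sys.settrace`. The names `run_fragment`, `FragmentTimeout`, `answers` and `next_question` are hypothetical, and this guards against mistakes only; it is not a sandbox for hostile code.

```python
import sys
import time


class FragmentTimeout(BaseException):
    """Budget exceeded. Derives from BaseException so that a fragment's
    own 'except Exception:' handler does not swallow the abort."""


def run_fragment(source, answers, max_seconds=0.5, max_lines=100_000):
    """Execute a survey fragment and return the question it selects.

    Hypothetical contract: the fragment reads `answers` and assigns
    `next_question`. The budget is checked on every executed line, so a
    loop that never calls into the API is still interrupted.
    """
    deadline = time.monotonic() + max_seconds
    executed = 0

    def tracer(frame, event, arg):
        nonlocal executed
        if event == "line":
            executed += 1
            if executed > max_lines or time.monotonic() > deadline:
                raise FragmentTimeout(f"aborted after {executed} lines")
        return tracer  # keep tracing frames the fragment creates

    scope = {"answers": dict(answers), "next_question": None}
    code = compile(source, "<survey-fragment>", "exec")
    previous = sys.gettrace()
    sys.settrace(tracer)  # affects the calling thread only
    try:
        exec(code, scope)
    finally:
        sys.settrace(previous)  # restore whatever tracer was active
    return scope["next_question"]


if __name__ == "__main__":
    # Constructed sample fragments, for illustration only.
    ok = 'next_question = "q7" if answers["age"] >= 18 else "q3"'
    stuck = "i = 0\nwhile True:\n    i += 1\n"
    print(run_fragment(ok, {"age": 30}))
    try:
        run_fragment(stuck, {}, max_lines=10_000)
    except FragmentTimeout as exc:
        print("fragment stopped:", exc)
```

The caller should catch `FragmentTimeout` around each request so the thread is released and the failing fragment can be logged for the designer.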