- Sandboxing would be ideal, but I don't know if there's infrastructure in python to support it. It might be easier to filter fetched scripts to only allow a restricted subset of python functions (the ast library looks like it might make this a bit easier). If a script can't access the network or hard disk, then it doesn't need to be trusted as much.
- The wiki doesn't appear to support SSL. So that means trusting the network to get to the wiki correctly, in addition to the wiki itself. I don't have any good ideas for how to work around this one.
Michael Lerner wrote:
I'm considering building in a mechanism for automatically fetching scripts from the PyMOL Wiki. The goal is to allow users to say
fetch findSurfaceResidues, type=script
findSurfaceResidues doShow=True, cutoff=0.5
The convenience benefits are obvious, especially for new users, and I think that lowering the barrier to script usage will greatly increase both the number of people who use various scripts and the incentive to place scripts on the wiki (especially if the fetch mechanism makes it easy for script authors to provide a citation/DOI/etc.).
I've put up a tentative page about this on the wiki (http://pymolwiki.org/index.php/Fetching_scripts), and I'd love comments either via the list, private email or on the wiki, especially about
- whether you think it's a good idea
- security and validation
- options you'd like
- implementation issues
The plan is to write this as a userland script first. If issues relating to security and validation can be resolved, we'll see if the official builds want to include it.
Michael Lerner, Ph.D.
IRTA Postdoctoral Fellow
Laboratory of Computational Biology NIH/NHLBI
5635 Fishers Lane, Room T909, MSC 9314
Rockville, MD 20852 (UPS/FedEx/Reality)
Bethesda MD 20892-9314 (USPS)