Secur(e/ing) Python?
I was reading over some of the new(er) comments on the Bugzilla Language comments page and one of them caught my eye:
Zope 3 indeed has zope.security (soon coming as an egg near you :). README.txt, code, svn co svn://svn.zope.org/repos/main/zope.security/trunk zope.security) - faassen
Reading that reminded me of Brett Cannon's work around securing the interpreter.
Restricted access / sandboxing is something I'd love to poke around in (one day; the amount of things I want to work on is growing) - the OLPC uses the very nice Bitfrost model for its security "platform", and having something easily accessed/leveraged within the Python interpreter landscape for secure Python application implementation would be great.
You can see some of Brett's additional work here: Python security paper online and Rethinking Imports
Here's a cool ASPN recipe too: Restricted "safe" eval.
I highly recommend people look at the new Zope stuff and Brett's work. I'll be freshening my Python src tree dump and will try compiling it one of these days.


May 31st, 2007 at 9:42 am
The Zope security work isn’t new. It’s been part of Zope 3 for a few years now and has been used in production settings.