mysticgalaxies team mailing list archive

Thread
Date

Re: Python :(

To: mysticgalaxies@xxxxxxxxxxxxxxxxxxx
From: Braden Walters <meoblast@xxxxxxx>
Date: Wed, 27 May 2009 11:14:59 -0400
In-reply-to: <d51232210905262219r76749e27q99222d29c8ecff69@mail.gmail.com>

We don't necessarily have to dump Python, we just need to evaluate
whether it is a smart idea, and then decide whether we will stick with
it or go to something else. I took a quick look at Mozilla Spidermonkey
(Javascript) but I'm not sure how powerful or extensible that library
is.

On Wed, 2009-05-27 at 07:19 +0200, Henrik Nilsson wrote:
> We've already had to disable a few builtin functions, such as file
> (which could open a local file for reading/writing), worth noting is
> that also import is disabled, did you bring this up when you asked,
> Braden?
> I think disabling import should save us from most security headaches
> (other than builtin functions, but that's a relatively small list)
> Though if we're gonna dump Python we'll have to find another candidate
> quick, what do you say about Lua?
> 
> 
> Here's a list of languages that are good for embedding, though without
> any consideration for security in arbitrary
> code, http://en.wikipedia.org/wiki/Categorical_list_of_programming_languages
> 
> 2009/5/27 Ted Smith <teddks@xxxxxxxxx>
>         Insecure how?
>         
>         
>         On Tue, 2009-05-26 at 19:33 -0400, Braden Walters wrote:
>         > I asked the Python community about what they think about
>         using Python
>         > for a project like Amethyst. They said it's WAY too
>         insecure. I suppose
>         > it's best to go back now before we get too far into a mess.
>         Since this
>         > is mostly for Rakhun, I'll have to talk to you in IRC some
>         time about
>         > this.
>         >
>         >
>         > _______________________________________________
>         > Mailing list: https://launchpad.net/~mysticgalaxies
>         > Post to     : mysticgalaxies@xxxxxxxxxxxxxxxxxxx
>         > Unsubscribe : https://launchpad.net/~mysticgalaxies
>         > More help   : https://help.launchpad.net/ListHelp
>         
>         
>         _______________________________________________
>         Mailing list: https://launchpad.net/~mysticgalaxies
>         Post to     : mysticgalaxies@xxxxxxxxxxxxxxxxxxx
>         Unsubscribe : https://launchpad.net/~mysticgalaxies
>         More help   : https://help.launchpad.net/ListHelp
>         
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~mysticgalaxies
> Post to     : mysticgalaxies@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mysticgalaxies
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: Python :(
From: Henrik Nilsson, 2009-05-27

References

Python :(
From: Braden Walters, 2009-05-26
Re: Python :(
From: Ted Smith, 2009-05-26
Re: Python :(
From: Henrik Nilsson, 2009-05-27