[Bf-committers] Web Plugin :: Python Sandbox

Campbell Barton ideasman42 at gmail.com
Thu Aug 28 07:48:46 CEST 2008

Talked to some python devs, apparently the python sandboxing problems
people speak of is from trying to sandbox python within python.
The way blender does it is sandboxing should work well.

But there were some more functions that needed to be removed
reload, file, execfile and compile, think thats it.

Commited these changes, however the default is to allow these
functions in blenderplayer, so possible they are only disabled in the
web plugin,.

On Thu, Aug 28, 2008 at 8:03 AM, Marcelo Coraça de Freitas
<mfreitas at ydeasolutions.com.br> wrote:
> Howdy all,
>     In a short inspection into the plugin code I found an interesting
> implementation in the KX_PythonInit.cpp file: sandboxing!
>     Well, not a complete sandbox but it disables the "open" function and
> overwrite the "import" in such a way only trusted packages (GameLogic,
> GameKeys, PhysicsConstraints, Rasterizer and Mathutils) can be imported.
>    Python gurus: is this a safe/sane approach? Can a sandbox like this be
> called safe in the web environment (ie, it can't be used to cause real
> damage into the system)? Wouldn't be great if the game engine came with
> other modules? For the plugin code, I'd mostly like to have at very least
> XML processing (to be honest, I'd love to have CORBA too). It'd be awesome
> if we could give our users some method for installing such extensions.
> Regards,
> Marcelo Coraça de Freitas
> Gerente de TI
> Ydea Desenvolvimento de Software LTDA.
> Av. Adolfo Pinheiro, 2338 - Alto da Boa Vista
> CEP.:04734-004 - São Paulo - SP
> Tel.: 55-11-5523-0333
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

More information about the Bf-committers mailing list