[Bf-python] Security and the rexec module

Christian Plessl plessl at tik.ee.ethz.ch
Mon May 19 11:12:49 CEST 2003


When reading through the discussions on Blender Python security, this came to 
my mind; maybe this can be some inspiration:

It might help to look at Zope (http://www.zope.org) to see how Python 
extensions can be safely allowed. Zope is a popular open-source web 
application server that is implemented (mostly) in Python.

Applications in Zope can be implemented in various ways; 2 of them directly 
use Python.

a) The first method is called 'Python Product'. These applications are written 
in Python and can run unrestricted; they can access the local filesystem, 
network and so on.

b) The other method for implementing Zope applications in Python is called 
python scripts. Python scripts can only access a very restricted set of 
Python modules; they have no access to the filesystem, network and so on. If I 
remember this correctly, there are also restrictions on the maximum amount of 
memory consumption and runtime.

Maybe the python extensions for Blender can borrow some ideas from Zope, but 
I'm not familiar with the way the Zope developers have implemented the 'safe 
execution mode'.

Regards,
 Christian

-- 
Christian Plessl <plessl at tik.ee.ethz.ch>
Computer Engineering and Networks Lab, ETH Zurich, Switzerland



