There are lots of tutorials/instructions on how to embed python in an application, but nothing (that I've seen) on overall design for how the embedded interpreter should be used and interact with the application.

The only idea I could think of would be to simply give the user a method (menu option, etc) of executing scripts in the program. So certain classes, functions, objects, etc. would be exported to python, some script would do something, then said script could be run from the program.

Would such a design be "safe?" Meaning is it feasible for a malicious/poorly-written script to "damage" the program and/or computer? I assume it's possible depending on the functions available to the script (e.g., it could try to overwrite some important files, etc.) How might one prevent such from happening? (e.g., script certification, program design, etc.)

This is implementation specific, but is it possible/feasible to have the effects of the script stay after it's done running? Meaning if a script computes something, will the result be available to the program after execution of the script has finished? I think it is possible to do if the program were set up to interact with a specific script, but the program will be released before most scripts are written; and such a setup seems like a misuse of embedding a scripting language. Are there actually cases where you would want the result of a script's execution to be available, or is this a contrived situation that doesn't really occur?

Are there any other designs for embedding python?
What about using python in a way similar to a plugin architecture?

Thanks,
Matthew A. Todd

+1  A: 

The only idea I could think of would be to simply give the user a method (menu option, etc) of executing scripts in the program.

Correct.

So certain classes, functions, objects, etc. would be exported to python, some script would do something, then said script could be run from the program.

Correct.

Would such a design be "safe?"

Yes. Unless your users are malicious, psychotic sociopaths. They want to make your program do useful things. They bought/downloaded the software in the first place. They think it has value.

They trusted your software. Why not trust them?

Meaning if a script computes something, will the result be available to the program after execution of the script has finished?

Programs like Apache do this all the time. You screw up the configuration ("script"), it crashes. Lesson learned? Don't screw up the configuration.

S.Lott
I was worried about them downloading scripts w/o realizing what the script might do.
Matthew
Well, but they could download programs w/o realizing what the program might do. You can't fix that problem.
Michael Kohne
Michael, you can't fix the problem, but you can minimize the consequences by limiting what the program (or in this case, script) can do. Scott, in reply to your post, IMO, it's not a question of trusting the end user, it's a question of a potentially uninformed end-user trusting a third party script. So "root" access (metaphorically speaking) isn't something you would want to give an add-on script.
codelogic
@codelogic: Root access is right out from the very beginning. Who would allow such a thing? Any application that works with elevated privileges cannot be scripted in any trustworthy way.
S.Lott
@S.Lott: I didn't mean literal root access (hence the quotes), I meant with respect to the application and the Python interpreter. My point being, limit the script's power so that it can get the intended job done. For example, if the scripting functionality is merely to allow 3rd party image processing capabilities, don't give it network privileges, maybe not even file system access. Restrict its sandbox with enough room to get the job done.
codelogic
@codelogic: I think that the "certain classes, functions, objects, etc. would be exported to python" in the original question covered that topic. It sounds like you agree with this approach of only "certain classes, functions, objects, etc."
S.Lott
True, it looks like I misinterpreted a part of your answer.
codelogic
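
The two design points raised in this thread, giving a script only what it needs and keeping its result after it finishes, shown as an added example that is not code from the question, the answer or the comments. It assumes a POSIX host; `run_script`, `CHILD` and the `api` dictionary are hypothetical names. The script runs in a separate isolated interpreter with a CPU cap and a wall-clock timeout, and hands back one JSON value that the host keeps.

```python
import json
import resource  # POSIX only (assumption: Linux/macOS host)
import subprocess
import sys

# Runs inside the child interpreter. The script sees a single name, `api`
# (a hypothetical export surface), and returns data through api["result"].
CHILD = r'''
import json, sys
req = json.load(sys.stdin)
out, sys.stdout = sys.stdout, sys.stderr  # script prints cannot corrupt the reply
api = {"params": req["params"], "result": None}
exec(compile(req["source"], "<plugin>", "exec"), {"api": api})
json.dump(api["result"], out)
out.flush()
'''

def _limit_child():
    # Applied in the child just before it starts: cap CPU time at 5 seconds.
    resource.setrlimit(resource.RLIMIT_CPU, (5, 5))

def run_script(source, params, timeout=3.0):
    """Run a third-party script out of process and return a status dict."""
    request = json.dumps({"source": source, "params": params})
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD],  # -I: isolated mode
            input=request, capture_output=True, text=True,
            timeout=timeout, preexec_fn=_limit_child,
        )
    except subprocess.TimeoutExpired:
        return {"ok": False, "error": "timeout"}
    if proc.returncode != 0:
        lines = proc.stderr.strip().splitlines()
        return {"ok": False, "error": lines[-1] if lines else "crashed"}
    try:
        return {"ok": True, "result": json.loads(proc.stdout)}
    except json.JSONDecodeError:
        return {"ok": False, "error": "malformed reply"}

if __name__ == "__main__":
    # Constructed sample script: the host still holds the value afterwards.
    script = "api['result'] = sum(api['params']['values'])"
    host_state = run_script(script, {"values": [1, 2, 3]})
    print(host_state)
```

A crash or runaway loop in the script ends the child process, not the application. Withholding file system or network access from the child additionally needs an OS-level sandbox around that process.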