views:

212

answers:

1

Ok, so this isn't exactly a question that I expect a full answer for but here goes...

I am currently using a python driver to fire data at a mongo instance and all it well in the world. Now I want to be able to pull data from mongo and evaluate each record in the collection. Now I need to pass in to this evaluation a script that will look at the row of data and if a condition is met return true i.e.

(PSUDO CODE)

foreach(row in resultSet)
 if(row.Name=="Chris) return true

return false

Now the script that I use to evaluate each item in the row should be sandboxes somehow with limited functionality/security privileges.

In other words the code will be evaled, and I dont want it to have rights to i.e. include external libraries, call remote servers or have access any files on the server etc...

With this in mind I know that mongo uses something called spider monkey (which I gather is a JS evaluator) to write queries. I wonder would it be possible to take the result of a mongo call and pass it to an evaluated javascript function using spider monkey (somehow) to achieve what I am after? If so would this be safe enough.

To be honest, Im writing this question and I realize its sounding a lot like one of those "please help, how to code the world" type questions but any pointers would be helpful.

+2  A: 

Have you looked at $where clauses in MongoDB? Seems like those would pretty much give you exactly what you're looking for. In PyMongo it would look something like:

db.foo.find().where("some javascript function that will get applied to each document matched by the find")
mdirolf