How can I protect my web server, if I run custom users code on server. If any user can submit his python source on my server and run it.
Maybe some modules or linux tools for close any network and hardware activity for this script.
Thank's all for help!
The concept you're thinking of is sandboxing. Check out the Python wiki page about it:
http://wiki.python.org/moin/SandboxedPython
In general, python is not the best language choice if you want to allow the execution of untrusted code. The JVM and .NET have much better support for sandboxing, so Jython and IronPython would be better choices.
Related
I'm working on developing a test automation framework. I need to start a process(a C++ application) on a remote linux host from a python script. I use the python module "paramiko" for this. However my c++ application takes sometime to run and complete the task assigned to it. So till the application completes processing, I cannot close the connection to the paramiko client. I wan thinking if I could do something like "the c++ application executing a callback(or some kind of signalling mechanism) and informing the script on completion of the task" Is there a way I can achieve this ?
I'm new to python, so any help would be much appreciated.
thanks!
Update: Is it not possible to have event.wait() and event.set() mechanism between the c++ application and the python script ? If yes, can somebody explain how it can be achieved ?
thanks in advance!
The best way I can think of to do this is to run both of them in a web server. Use something like Windows Web Services for C++ or a native CGI implementation and use that to signal the python script.
If that's not a possibility, you can use COM to create COM objects on both sides, one in Python, and one in C++ to handle your IPC, but that gets messy with all the marshalling of types and such.
We have a CLI application with business logic inside, written in python.
We want to build native GUI apps in both windows and mac, providing the funcionality of the CLI.
What is the best (easy, fast to implement) way to communicate (two-way) between the GUI app and the CLI communication, in a way that the extra code developed in the CLI will work with both windows and mac native apps? CLI and GUI apps will be on the same machine. Calls will be made to the CLI like uploading a file, and feedback will be returned to GUI, like progress, errors, etc.
Any solution is considered:
Sockets, Remote procedure calls, any other interprocess communication way, any other obvious(?) but missed solution.
Thank you!
Not a final answer, but there is a cross-platform IPC library with .NET and Python bindings, that is used by iPython called ZeroMQ. You may want to check that. http://zeromq.org/
I have a python server that I need to run in both a Linux and Windows environment, and my question is about deployment. What is the best method for deploying the solution instead of just double clicking on the file and running it?
Since I use the server_forever() on the server, I can just run the script from command line, but this keeps the python window open. If I log off the machine, naturally the process will stop. So what is the best method for deploying a python script that needs to keep running if the user is logged in or off a machine.
Since I am going to be using multiple environment, Linux and Windows, can you please be specific in what OS you are talking about?
For windows, I was thinking of running the script 'At Startup' using the Windows scheduler. But I wanted to see if anyone had a better option. For linux, I really don't know what to create. I am assuming a CRON job?
Deployment does refer to coding, so using serve_forever() on a multiprocessing job manager keeps the python window open upon execution. Is there a way to hide this window through code? Would you recommend using a conversion tool like py2exe instead?
This is the subject matter of a whole library of books, so I will just give an introduction here :-)
You can basically start scripts directly and then have multiple options to do this in a way that they keep running in the background.
If you have certain functionality that needs to run on regular moments, you would do this by scheduling it:
Windows: Windows Scheduler or specific scheduling tools
Linux: Cron
If your problem is that you want to start a script without it closing on you while SSH'ing into Linux, you want to look into the "screen" or "tmux" tools.
If you want to have it started automatically this could be done by using the "At Startup" as you point out and Linux has similar functionalities, but the preferred and more robust way would be to set up a service that is better integrated with the OS.
Windows: Windows Service
Linux: Daemon
Even more capabilities can be yielded by using an application server such a Django
Tomcat (see comment) is an option, but definitely not the standard one; you'll have a hard time finding support both from Tomcat people running Python or Python people running their stuff on Tomcat. That being said, I imagine you could enable CGI and have it run a Python command with your script.
Yet, instead of just starting a Python script I would strongly encourage you to have a look at different Python options that are probably available for your specific use case. From lightweight web solutions like Flask over a versatile networking engine like Twisted to a full blown web framework like Django.
They all have rather well-thought-out deployment solutions available. Look up WSGI for more background.
I'm thinking if there already is some sort of online live python console (web-based) with open source code available. Anyone know of anything?
It would be really useful to have console in Django admin (like running python manage.py shell on the server's terminal), so it would be great to have django/any wsgi aplication, that can be used to enable web based live console access.
Thanks
You're looking for the Werkzug debugger.
http://werkzeug.pocoo.org/
http://werkzeug.pocoo.org/docs/debug/
It's got an interactive javascript based in-browser debugger for your WSGI projects, among many other great tools. Fantastic stuff.
For Django specifically, there's also RunServerPlus, which is part of the django-extensions package.
https://github.com/django-extensions/django-extensions
You should check out Python Anywhere. You can run python web apps, you get an SQL database, and you get a bash shell in your browser.
Have a look at python shell from Google. There's a link to source code at the top. Loading Django environment into it might be not very easy but I believe it's possible.
I'm not sure if this meets your desire but you might take a look at Chrome extension : https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia
There is a great website called Codecademy. It teaches the fundamentals of Python, Ruby, Javascript, and HTML/CSS.
They also have online consoles for each of the languages they teach, excluding HTML/CSS. This website is Codecademy Labs. Codecademy Labs has a console you can type directly in, and an editor that displays output in the console. I hope that this helped you find what you were looking for!
I want to provide my colleagues with an interface (using Windows Forms or WPF) to control the states of virtual machines (KVM based) on a linux host. On the command line of this server, I'm using a tool, called libvirt, which provides python bindings to access its functionality.
What whould be the best pratice to remotely access several function like libvirt or reading logfiles on the server. I thought about a REST Full Webservice generated by Python. Are there other viable options to consider?
Thanks,
Henrik
I'd develop an intranet web application, using any python web framework of choice.
That way you don't have to develop/install software on your client. They just point the browser and it works.
Because you are using a server-side tool that has Python bindings, you should give a serious look at PYRO which is a Python RPC library.
http://pyro.sourceforge.net/
To use this you would also have to use Python on the client, but that shouldn't be a problem. If you haven't start writing your client, then you could do it all in IronPython. Or, if you need to add this to an already existing client, then you could still bind in either IronPython or CPython as an embedded scripting engine.
For more on PYRO and Ironpython, see this wiki page http://www.razorvine.net/python/PyroAndIronpython
Proxmox VE is a complete solution to manage KVM (and OpenVZ) based virtual machines, including a comprehensive web console, so maybe you can get a full solution without developing anything?