如何制作基于 web 的 python 交互式 shell [英] How to make web based python interactive shell

问题描述

像 https://www.pythonanywhere.com/try-ipython/ 工作?

他们可能会执行几个 exec 命令，或者与 ipython 交互.

They probably do several exec commands, or interfacing with ipython.

但是，如果他们没有采取任何预防措施"(他们确实这样做了)，这可能会非常不安全.一个单纯的(和邪恶的)用户可以做类似的事情

However, this can be extremely insecure if they didn't do any "preventive action" (which they did). A mere (and evil) user can do something like

import shutil, os

做坏事.

从技术上讲，基于网络的 python 交互式 shell 是如何实现的?以及如何确保交互式外壳不会对提供者产生任何不利影响?

How is technically web based python interactive shell possible? and how could one ensure that the interactive-shell doesn't impact anything bad to the provider?

推荐答案

PythonAnywhere dev here.我们使用文件系统监狱、低权限帐户、ulimit 限制和 cgroup 的组合来沙箱人员.加上一些复杂的 iptables 路由.

PythonAnywhere dev here. We use a combination of a filesystem jail, low-privilege accounts, ulimit restrictions, and cgroups to sandbox people. Plus some complicated iptables routing.

我们将来很可能会转向 LXC 或 Docker -- 我们根据 2012 年发布系统的第一个版本时准备用于生产的内容选择了现在使用的特定组合，并且如果我们今天从头开始，我们会做不同的事情.

We're likely to move on to LXC or Docker in the future -- we chose the specific combination that we use now based on what was ready for production when we released the first version of our system back in 2012, and it if we were starting from scratch today we'd do it differently.

这并不是说我们当前的系统不好——它运行得非常好.但这确实意味着它涉及很多代码，如果我们使用现在可用的东西，我们可以删除这些代码，而更简单的代码显然更好:-)

That's not to say that our current system is bad -- it works really well. But it does mean that it involves a lot of code that we could strip out if we used the stuff that's available now, and simpler code is obviously better :-)

我还应该补充一点，您可能会发现 我在 EuroPython 上所做的演讲 有趣.它没有涉及 shell 如何工作的安全方面，但它与您的问题主题(如何制作基于 Web 的 Python 交互式 shell)相关，因为它涵盖了运行 shell 所需的一堆东西在浏览器中，并将其连接到在服务器上运行的 Python 进程.

[edit] I should also add that you might find this talk I did at EuroPython interesting. It doesn't touch on the security aspects of how the shell works, but it is relevant to the subject of your question (how to make a web-based Python interactive shell) because it covers a bunch of the stuff required for running a shell in a browser and connecting it to a Python process running on a server.

这篇关于如何制作基于 web 的 python 交互式 shell的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！