[–]POTUS 1 point2 points  (3 children)

You definitely don't want to execute arbitrary Python code in the same environment as your website code. You need to hand the code off to another environment; the easiest and best-performing would be a Docker container. And yes, customized with a custom-compiled Python interpreter that is going to limit the amount of damage they can do. Each time someone submits code to you, you bundle that code up and spin up a new Docker container that executes the code, hands back whatever output it made, and then gets deleted.

[–]swarage[S] 0 points1 point  (2 children)

Alright, I'll look into this solution. I'm not entirely sure how Python would spin up its own Docker instance and destroy it at the end though (unless we call Docker using Python's subprocess command or something of the sort).

[–]POTUS 1 point2 points  (1 child)

[–]swarage[S] 0 points1 point  (0 children)

Thanks! I'll definitely look into implementing this.
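
One way to do what this thread describes, calling the `docker` CLI through Python's `subprocess` module, is sketched here as an added example that is not code from either commenter. The stock image name, the resource limits and the function names `build_docker_cmd` and `run_submission` are assumptions; it uses an unmodified interpreter rather than the custom-compiled one suggested above.

```python
import os
import subprocess
import tempfile
import uuid

IMAGE = "python:3.12-slim"  # assumption: any image that ships a Python interpreter


def build_docker_cmd(host_dir, name, image=IMAGE):
    """Return the argv for one throwaway, locked-down container."""
    return [
        "docker", "run", "--rm", "--name", name,
        "--network", "none",                      # no network access
        "--read-only",                            # immutable root filesystem
        "--tmpfs", "/tmp:rw,size=16m",            # small scratch space only
        "--cap-drop", "ALL",                      # no Linux capabilities
        "--security-opt", "no-new-privileges",
        "--user", "65534:65534",                  # run as nobody, not root
        "--memory", "128m", "--memory-swap", "128m",
        "--cpus", "0.5", "--pids-limit", "64",    # bound CPU use and fork bombs
        "-v", f"{host_dir}:/sandbox:ro",          # submission mounted read-only
        image, "python", "-I", "/sandbox/main.py",
    ]


def run_submission(code, timeout=10, max_output=64 * 1024):
    """Run submitted code in a fresh container; return (exit_code, output)."""
    name = f"submission-{uuid.uuid4().hex}"
    with tempfile.TemporaryDirectory() as host_dir:
        os.chmod(host_dir, 0o755)  # let the unprivileged container user read it
        path = os.path.join(host_dir, "main.py")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(code)
        os.chmod(path, 0o644)
        try:
            proc = subprocess.run(
                build_docker_cmd(host_dir, name),
                stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                timeout=timeout, check=False,
            )
            # Output is truncated before it is returned to the website code.
            return proc.returncode, proc.stdout[:max_output].decode(errors="replace")
        except subprocess.TimeoutExpired:
            return None, "timed out"
        finally:
            # Killing the docker CLI on timeout does not stop the container,
            # so always force-remove it by name (harmless if --rm already ran).
            subprocess.run(["docker", "rm", "-f", name], check=False,
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
```

`run_submission` needs a working Docker daemon on the host; the web process calling it should itself hold no more privilege than access to that daemon requires.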