Possible Duplicate:
Python, safe, sandbox
I'm building a corporate web system in Python which allows scripts to be uploaded and run serverside. Given I'm already developing in Python and its such a nice simple language, it seems like a good language to write the scripts in. However, there is a security hazard there, I want to block all function calls except a limited subset. Is there a mechanism I can use to do this, or some other technique? Do I need to use something else, Lua perhaps? I'm developing in Pyramid/Pylons.
This is a terrible idea, but just to let you know about the option:
You could sanitize a string that contains the Python code (and by sanitize I mean you need to do like a few hundred malicious unit tests and heavily test that the sanitation is adequate) with RegEx to only match the function calls you want and then call eval() on the string.