Open Irev-Dev opened 2 years ago
Just doing some quick research on how to secure python execution and thought I would leave this here for consideration:
Thanks @jdegenstein
Anything new on that?
What about using web assembly? I am certainly not an expert when it comes to web development but it might work for this use case: https://webassembly.org/docs/security/ https://github.com/pyodide/pyodide
Python execute has been disabled for the time being.
Since python is a general purpose language getting security right is trick, the way it currently runs it would be possible to grab some aws credentials, as well as other things like crypto mining, the 30s execute limit does help but does not fix the problem.
Much more robust tracing and limits are needed before enabling this feature again.