Forums

How to block Python from reading hard drive or database

Is there a way to block Python from accessing the hard drive and database? I want to do something similar to an AWS Lambda function where the code is totally isolated (except perhaps for internet access).

pandichef | 19 posts | Jan. 11, 2023, 11:28 p.m. | permalink

Do you want to build something like that on PythonAnywhere?

Staff pafk | 2973 posts | PythonAnywhere staff | Jan. 12, 2023, 11:07 a.m. | permalink

No. I keep stressing out about security holes in my app and I'd rather have fine-grained controls over which modules/functions can do disk I/O. (Actually, it's kind of a criticism of Python itself. It would be nice to have a @cannot_access_disk decorator in Python that just throws an exception if the function attempts any disk I/O.)

pandichef | 19 posts | Jan. 13, 2023, 7:37 a.m. | permalink

Unfortunately I don't think there's any way to do that with Python; when we started building PythonAnywhere way back, we tried to work out a way to do it -- we felt it would be easier than building sandboxes at the OS level -- but we couldn't find anything. I've been monitoring for some way to do it since then, and nothing has popped up.

Staff giles | 11788 posts | PythonAnywhere staff | Jan. 13, 2023, 2:56 p.m. | permalink