Jump to content

Alberto Salvati

Members
  • Content Count

    5
  • Joined

  • Last visited

Everything posted by Alberto Salvati

  1. Alberto Salvati

    Cyber security Question

    Hi, all. In the past I used P4D to customize delphi application behavior. Now, I'm working on a project with an very very high level of cyber security restrictions. I think that, NOW, this issue is so relevant and we as IT specialists, can't ignore it. My actual nightmare is "..what's happen if someone breaks my python script including OS and DATABASE (and other...?) calls potentially DANGEROUS?" I wrote to Python team about it...asking them about a "lazy" python version that doesn't support these calls... at this moment, no feedback. Also, I wrote to JetBrains (intelli-j and kotlin owner) about a new lazy language without dangerous calls...at this moment no feedback. I know that scope of my issue is outside of P4D but maybe someone has some puzzle piece... My first idea was to check script about "import" clauses or define script as a function to merge in a template without import clauses. But working with script as a FILE someone could hack file AFTER these check. Same situation could occure using an hash. Also, I could secure the file using some digital signature but maybe this solution is so complicated. Finally, I could run script under antoher user with few grants but this solution required network admin collaboration (AKA: complications...) What you think about? AS
  2. Alberto Salvati

    Cyber security Question

    I know but I'm said more than I could... The needed features is transform a generic input value in other value(s) using additional optional parameters. Logic for there operation could be more complicated, so I can't describe and write code for all use cases. Imho, external scripts are estrema ratio... Customers haven't access to modify them. And yes, my team is responsible. Cheers
  3. Alberto Salvati

    Cyber security Question

    Hi, all. I will try to explain but I can't say all... Application uses a module and I'm the people in charge for it. This module does some operation too complicate to code and different by customer. Each customer (about 5000....) could have about 0..n different implementation for the same operation. n is about 10. But, few customers don't need it. To manage this requirement I need EXTERNAL scripts, one per any different implementation, so, I can't embed in exe hash/key and so on. Also, my module has not db access (cyber security) helpful to store hash/key and so on. Put hash/key in a file could be not safe.... I can't share more details but I think they are enough to have an idea. Sherlock, I agree with you. I'm finding informations needed to decide if we can use scripts or not. Many thanks to all. AS
  4. Alberto Salvati

    Cyber security Question

    You are right but unfortunately I can' share too mush details.
  5. Alberto Salvati

    Cyber security Question

    Hi, all. First, many thanks for your answers. I hope this post sounds like a brainstorming about its subject. I'm replying all with this post: 1) I have not a database to store hashs. I'm working on a separate module of a BIG AND COMPLICATED APPLICATION that has db but my module has not db access due do ciber security issue and other causes (aaargh!) 2) About sandbox, I don't know if windows supports it without using virtualization, then run code in separate "context" . I will study this solution . 3) asymmetric signature requires a certificate that requires system additional work. Field persons work so hard to install ande setup application and they can't do this additional work. Also, I used ceritifcates in the past...and I cried due to puzzling.... 4) Cython...It sounds good, I will study it in deep. Cheers.
×