We're looking to install Python with the IDLE into some of our ICT suites so the students can do some programming. Sounds great but has anyone done this and if so what issues have you have with security policies etc?
My concern is that Python will not obey ntfs permissions/group policies etc correctly and students could write scripts to access system files and so on, not being a Python programmer I've not had a lot to do with it!
I'm all for getting the students programming but I'm conscious of the pitfalls.
Python is like any other windows program. It has to obey ntfs permissions. The only problems are if the permissions arn't set properly, or when code is submitted to a teacher. If a teacher (or admin) runs a students program, then it will run with the teachers permissions. Practically I don't think there is much chance of this being a problem, but the risk is there. The best solution to that is if the member of staff reads the code before running it. most stuff should be obvious.
Thats a good start anyway - I had intended to put a windows firewall rule in to block python.exe from any network access as they don't need to do it.
I'm not being deliberately awkward, but we do need to pre-empt any problems that can causes issues. Teachers and students have broadly similar permissions on networked PCs anyway so that shouldn't be too much of an issue.
Yeah you are... but that's your job :)
Originally Posted by Sheridan
I'm following this with interest as i'm doing some reading try to pre-empt the inevitable. The ICT guys are dabbling with KODU and scratch, but it's only a matter of time!
We already have scratch in use and Kodu is being looked at (althought that seems pretty safe anyway)
We also looked into the Pi's - but availability seems to be an issue!
Indeed... I'm still waiting for my Pi, when it arrives we'll sit down and work out if we can create a scheme of work to use it.
Actually if the python IDE does obey NTFS permissions, and I block python.exe from any network traffic that would probably secure it enough for most users.
Not being a python programmer I haven't got the knowledge to test it, bit of a VB man myself!
I doubt they would be able to do much damage with network stuff. I would be more concerned with running other programs, using the subprocess module or the os module. But this is common to most, if not all, other serious programming languages. It probably depends on your staff and students as to how much you need to secure it. In terms of security, python and vb have fairly similar security issues.
I'm also waiting on my pi.
Yes thats the bit I don't understand. Policy prevents them from running regedit (for example) but does that mean it could be started from python instead?
Hey..just curious on the latest with this? We've been asked to roll out Python...but I'm looking for the security holes too...
Your probably not programmers so I'll explain :)
If you give people a tool (such as sharp knives or Python) then what you need is for people to take responsibility for using them - trying to restrict their usage (such as anchoring the knives via a piece of chain to a table or restricting permissions on share access) negates the usefulness of the tool.
What you need is social behaviour policies/rules/policing/sanctions not physical restrictions :)
Cheers SimpleSi...but in a school it is simplier said than done...
We are looking at rolling out python to some areas for same reasons.
I acknowledge SimpleSi's principle and this will apply in 95+% cases at our school. However every so often we get someone who wants to 'experiment' (not a bad thing), but they may also be someone who knows less than they think they do and/or someone who is relatively immature in applying such principles (the nature of [some] school students).
So - just wondering if people have now tried this, before we have a go and reinvent the wheel.
Also if any particular distribution of python is better to deploy on a curriculum network than others ('vanilla', ActiveState, Portable etc) and any pitfalls to avoid ....
[personally prefer PyScripter to IDLE]
Hi, "It's only a matter of time...I think you are right.
I have asked our technicians (yes I'm a teacher - just ducking to avoid shrapnel now) to install Python (IDLE) and it is blocked by group policy for everyone except Admin. We were not sure why. Can anyone help us?
Also I was not sure whether the Python IDLE runs an executable if you stay within the IDE.
Up to know we have been doing all our "proper" programming using JAVA so this issue has been avoided.
Any pointers appreciated.