I’ve been wondering: is it possible to send at runtime code from the server to be executed on the client?
I’m working on a turn-based, client-server framework that would allow a fair amount of user-based customization, so much that the rules of a game are part of the soft architecture. The rules are effectively event-driven python functions that the users can define but, for a variety of mostly AI-related reasons, some of the same exact functions should be available on both the server and the client. -HOWEVER- I don’t want to require that the client machine has the same rule file to import.
A metaphor to understand this is that if you go and play a boardgame at a friend’s house you don’t have to bring your own copy of the same boardgame: your friend will share his!
Ideally I’d like to send a binary object over the network connection, like a ready to use compiled function, but if push comes to shove just sending a whole function in a string would do. However, I’m not familiar with Python (yet): is this possible at all?
I’ve read your first few posts and might I make a friendly suggestion? Before you inundate the forum with questions, perhaps you should learn some Python first. It would really not serve any purpose to explain to you at this point in your learning curve how to so some of the things you’ve posted about because you don’t have the experience or knowledge to implement it. I’m not saying you can’t do it, just that you’re level of comprehension of Python is lacking at this point.
Learn some Python, write a few non-Panda3D Python scripts and then, consider asking your questions.
The short answer, though, is yes. As with any interpreted language, it is possible to send raw Python code over the wire and let the client execute it, or even vice-versa.
asking questions is totaly fine. dunno whats wrong about it. and its not like this questions gets asked trice per day so nothing its perfectly fine.
i just wanted to make a short addition to davids post:
it is possible. but it can be very very VERY unsecure to send binary code.
executing code from uncertain sources can be easily exploited… if you are logged in as administrator or have administrator rights someone might use it to spy your computer, take it over, format it or what not. you should be very careful. there are better, more secure ways. just as a note. for this. you really have to learn some python and basic network security.
Dear Jhouck, thanks for you reply even though it wasn’t particularly useful!
You mention:
I tend to use my words carefully and when I say:
I mean exactly that: I’m not familiar, which is quite different from I don’t know anything about it.
That been said: fair enough. I find your tolerance on the matter a bit lacking and your use of the word “inundate” a bit excessive but I won’t hold a grudge!
drwr, thanks for the reassurance. ThomasEgi, you are perfectly right and security is a concern. You mention specifically that to send binary code is very unsecure. Is this simply because ultimately I could parse the ascii code and make sure it doesn’t do anything dodgy or are there smarter ways to make sure code from uncertain sources isn’t harmful? I know Python used to have a restricted execution module but it seems they have discontinued support and inclusion in Python’s distribution? Is this what you were alluding to?
hm. i never send entire rules over network. but you should have a close look at the struct module. in any case, do not use pickle or cpickle or the likes.in a simple case you could encode your code as a number of strings just like the actual code. then use struct to send it over network. and on the client end you could have a check-algorithm which checks each word in the string if the string is part of a list which contains the allowed command-codes.if no illegal commands where found you could execute it. there might be by far better methods,thought. i’m not a securty expert so its not neccessarily a secure method.
You can have a look at PYRO (the distributed object library, not the Python Robotic library).
They have a module of code migration around the network.
The safety concern is … but it works
The bottom line is how secure is your channel. Running arbitrary code from the server (or loading pickle files, or whatever) isn’t necessarily unsafe, if you can first guarantee that the data in question actually came from your server and not from somewhere else. There are lots of ways to do this. But, yeah, you do need to be sure you’ve covered all the bases.
Why don’t you just make a seudo language to send over your connection that both the client and server understand, and that the players can code in?
That way it is “translated” into python at each end and allows you control of certain aspects of it. It also allows you to make something slightly simpler for people to code in. Do you realise how many things non-programming players could break in your game if they were writing new functions natively then updating the whole global environment with it. shudders
Seudo language… Much better than streaming your code.
