How sandboxed a predicate API can pengine from python be


I’d like to create a python “front-end” Domain Specific Language4 (DSL) which calls a number of predicates in a backend running on a server via pengine.

I’d like to ensure that the python user can only call exactly those predicates I provide as API and nothing else – in particular no listing type of predicates to secure the backend code.

Can I do this via a) packaging of the “bridge” code in a closed, importable module in python, and via checking each incoming pengine call that it only includes those API predicates.

Can this work? Any things I overlooked ?

thank you,


1 Like

Why would you use Pengines for that? The core idea of Pengines is that you can bring code to the data. There is the sandboxing that by default should protect you against anything that may harm the server or expose secrets about the server. The sandboxing is rather complicated though and thus likely to be not safe against a good hacker (but this hacker particularly requires knowledge about Prolog :slight_smile: )

If you just want to run some services, just use the HTTP server framework and create some predicates that emit a JSON document. That is far simpler, lightweight and even (a little) faster.

1 Like

Thank you for clarifying – i mainly thought about it as a convenient infrastructure for messaging – don’t think i will need to send code across – at, least i don’t see a use case for it right now.

Thinking of it – websockets might be better suited.