When to use input()?
Gerrit Holl
gerrit.holl at pobox.com
Wed Dec 22 15:01:25 EST 1999
Hello,
Can someone tell me a situation to use input()?
Is it possible to run it in a rexec environment? If not, input() isn't
only useless, but also unsafe.
I think input() is bad because you pass the users input to eval() directly,
so the user can do __import__('os').system('sh'). That can't be what
you want.
raw_input(), however, returns a string which can be passed to
string.atoi() or IF you want to execute it, you can execute the
code in a rexec environment.
Or am I missing something?
regards,
Gerrit.
--
"The move was on to 'Free the Lizard'"
-- Jim Hamerly and Tom Paquin (Open Sources, 1999 O'Reilly and Associates)
8:45pm up 11 min, 2 users, load average: 0.00, 0.13, 0.15
More information about the Python-list
mailing list