Safe eval?
Chris Liechti
cliechti at gmx.net
Tue Apr 16 17:16:36 EDT 2002
"Philipp Lenssen" <lenssen at hitnet.rwth-aachen.de> wrote in
news:a9i327$cvi$1 at nets3.rz.RWTH-Aachen.DE:
> "Philipp Lenssen" <lenssen at hitnet.rwth-aachen.de> wrote in message
> news:a9i2kg$cg8$1 at nets3.rz.RWTH-Aachen.DE...
>> Is it possible to have a safe eval() on the server-side even when the string
>> consists of submitted user data?
>>..
have a look at the rexec module
> I forgot to mention: all that should be allowed is arithmetics
> (boolean as well) plus a limited set of functions that I write &
> define. Say the following is OK (I already replaced internal variables
> here): 1 == 2 and false or (10 + 3 * 2) == 4 or
> internal_harmlessFunction() == true
you can disable the builtin functions you want and populate the namespace
with safe functions and classes (see Bastion for that)
chris
--
Chris <cliechti at gmx.net>
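
Added example, not part of the original post or thread: rexec and Bastion were removed in Python 3, so this applies the same idea (an allow-list of operations plus a namespace of vetted functions) by walking the `ast` parse tree instead of calling eval(). `safe_eval`, `SAFE_FUNCS` and `SAFE_NAMES` are hypothetical names; `internal_harmlessFunction` is the placeholder from the quoted question and is assumed to return True.

```python
import ast
import operator

# Hypothetical allow-lists; internal_harmlessFunction is the placeholder from the post.
SAFE_FUNCS = {"internal_harmlessFunction": lambda: True}
SAFE_NAMES = {"true": True, "false": False}
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}  # no ** (CPU/memory DoS)
UNARY_OPS = {ast.Not: operator.not_, ast.USub: operator.neg, ast.UAdd: operator.pos}
CMP_OPS = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
           ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}

def safe_eval(expr, max_len=200):
    """Evaluate an arithmetic/boolean expression; raise ValueError on anything else."""
    if len(expr) > max_len:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _eval(tree.body)

def _eval(node):
    # Only the node types listed here are evaluated; everything else is rejected.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float, bool):
        return node.value
    if isinstance(node, ast.Name) and node.id in SAFE_NAMES:
        return SAFE_NAMES[node.id]
    if isinstance(node, ast.BoolOp):
        is_and = isinstance(node.op, ast.And)
        for value in node.values:
            result = _eval(value)
            if bool(result) != is_and:  # short-circuit like Python's and/or
                break
        return result
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_eval(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.Compare) and all(type(o) in CMP_OPS for o in node.ops):
        left = _eval(node.left)
        for op, comparator in zip(node.ops, node.comparators):
            right = _eval(comparator)
            if not CMP_OPS[type(op)](left, right):
                return False
            left = right
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in SAFE_FUNCS and not node.keywords):
        return SAFE_FUNCS[node.func.id](*[_eval(a) for a in node.args])
    raise ValueError("disallowed syntax: " + type(node).__name__)
```

Attribute access, subscripts, string literals, lambdas and calls to anything outside `SAFE_FUNCS` all end at the final `raise`. Callers should also catch ZeroDivisionError, which division by a zero operand still raises.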