calling a function indirectly

Quinn Dunkan quinn at barf.ugcs.caltech.edu
Thu Feb 28 14:27:01 EST 2002


On 28 Feb 2002 08:16:14 GMT, Jim Dennis <jimd at vega.starshine.org> wrote:
> Telling people to avoid eval() because it's "dangerous" and might
> lead to "insecure" code is a gross oversimplification.  It is better

In addition, security is usually not an issue for me.  Most of my code runs on
a machine with no passwords anyway (mine).  Most of the rest runs when I invoke
it with inputs I give it, not when some random outsider invokes it with random
outside inputs.  Avoiding eval on security grounds in many scenarios is like
avoiding the shell on security grounds because it evaluates arbitrary text.

It's like web hosting sites that let you write CGI scripts but don't give you a
shell login "because you can run anything with a shell!" never mind that you
can also run anything with CGI, including a shell, just less conveniently.  Or
maybe there's some more substantive reason they do that, I dunno.


