"a better input"
Steve Holden
sholden at holdenweb.com
Thu May 9 16:30:59 EDT 2002
"Gareth McCaughan" <Gareth.McCaughan at pobox.com> wrote ...
> Alex Martelli wrote:
>
> [I said:]
> > >> To expand: we could really do with something that lets the user
> > >> enter "46" or "0x1234" or "'walrus'" or "-2+6j" or "[1,'a',{3:4}]"
> > >> and returns the same as |input| does for those, but that doesn't
> > >> permit "f(123)" or "2**2002" or "[x for x in [1,2,3]]".
> >
> > You'll have to pin that down more closely, as I can't see any
> > easily definable difference between operators used as in:
> > -2+6j
> > and operators used as in:
> > 2**6
> > yet apparently you want to allow the former but forbid the latter
> > (why? what is gained in forcing people to do this in their head?).
>
> I don't actually mind if an input() replacement evaluates 2+3.
> I do mind if it is able to do arbitrary computation, where
> "arbitrary" is fuzzily defined to cover things like
>
> 1. anything that could take a large amount of time or
> memory to compute;
>
> (rationale: we don't want to facilitate DoS attacks;
> users will find it counterintuitive if what they think
> of as reading a value can consume unbounded resources.)
So, for example, 2**100 is OK, but 2**10000000 is right out?
[...]
regards
Steve
--
-----------------------------------------------------------------------
Steve Holden http://www.holdenweb.com/
Python Web Programming http://pydish.holdenweb.com/pwp/
-----------------------------------------------------------------------