How to use the exec statement

Christian Tismer tismer at tismer.com
Sun Oct 6 17:55:16 EDT 2002 

JB wrote:
> Alex Martelli wrote:
> 
> Thx.
> There is one thing I do nt understand, though. (It is late 
> and I am tried. I may understand it tomorrow.)
> 
> In thet new namespace there will be a function f. The user 
> must be able to call f via exec.
> But f needs a global variable, otherwise it cannot 
> communicate with the rest of my program. If the user can 
> access this variable and overwrites it...
> How to solve this?

I don't see a problem here.
You give the user access to your global variable,
wghich means you put it into the proposed namespace object.
The user can only overwrite it in that namespace, but
that's of no concern for you.

Another problem might in fact be that the user now might
modify the variable's contents in some unwanted way.
I'd be very careful here and build an extra object
that only has the properties which you wish to give
access to. Then, after calling the user code, you
might decide which of the changed attributes you want
to back-copy into your 'real' object, if at all.

Make sure to never open a backdoor into an area that
the user should not touch. Careful, this may happen much
easier and without your prior knowledge.
Make sure that you never copy dictionary contents which
you know exactly, or it may happen easily that you
inadvertently publish a globals dict, and you're probably
hosed.
Never publish something that contains the sys module,
since that opens everything up quickly.
Never carry a traceback around into user space. Tracebacks
give acces to frames, and frames give access to globals...

ciao - chris

-- 
Christian Tismer             :^)   <mailto:tismer at tismer.com>
Mission Impossible 5oftware  :     Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a     :    *Starship* http://starship.python.net/
14109 Berlin                 :     PGP key -> http://wwwkeys.pgp.net/
work +49 30 89 09 53 34  home +49 30 802 86 56  pager +49 173 24 18 776
PGP 0x57F3BF04       9064 F4E1 D754 C2FF 1619  305B C09C 5A3B 57F3 BF04
      whom do you want to sponsor today?   http://www.stackless.com/

More information about the Python-list mailing list