from spam import eggs, spam at runtime, how?
Paul Rubin
http
Tue Dec 9 16:40:02 EST 2003
Just <just at xs4all.nl> writes:
> > In this case, he's getting the actual string from the web, so I wouldn't
> > be surprised if exec would be a real can of security worms.
Yuch. Although, the string can be checked against the list of available
modules before exec'ing.
> Also, __import__ returns a module object, so you don't have to pull it
> out of the globals you passed to exec. Compare:
>
> g = {}
> exec "import %s" % modulename in d
> m = g[modulename]
I think I'd have used
exec "import %s as mymod"% modulename
> with
> m = __import__(modulename)
OK, that's not as ugly as some of the other stuff I've seen going by.
I guess it's better than an exec, if you can now just say m.whatever.
More information about the Python-list
mailing list