Accessing global namespace
John Roth
newsgroups at jhrothjr.com
Mon Oct 6 23:03:00 EDT 2003
"Dave Benjamin" <dave at 3dex.com> wrote in message
news:EApgb.18479$%o6.8797 at news1.central.cox.net...
> Carl Banks wrote:
> > [...snip...]
> > I stand by what I said. Using exec for anything other than explicitly
> > asking the user for Python code is wrong, incorrect, and evil, with
> > very few exceptions. Even if it looks harmless. Anyone who does
> > that, or advises that, should be fired.
>
> Ought I to be fired for writing something like this?
>
> #!/usr/bin/env python
>
> def attr_reader(name):
> return '''\
> def get_%s(self):
> return self._%s
> %s = property(get_%s)
> ''' % (name, name, name, name)
>
> class Testes:
> _a = 42
> exec attr_reader('a')
>
> t = Testes()
> print t.a
>
> Output: 42
>
> Dave
I didn't go through it in detail to check for safety. He was getting
after me for not emphasizing, a couple of exchanges above, that
using exec can be very unsafe unless you either construct the input
yourself, or validate the user input. It's something that's worth
remembering.
John Roth
>
More information about the Python-list
mailing list