Converting hex string to an integer
Michael Hudson
mwh at python.net
Fri Aug 27 08:20:03 EDT 2004
Peter Hansen <peter at engcorp.com> writes:
> Rick Holbert wrote:
> > Derek Fountain wrote:
> >>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
> >>convert that to an integer which I can do some math on?
> > i = eval(sys.argv[1])
>
> That's dangerous advice to a newbie if not qualified carefully.
>
> Derek, "eval" could be the source of serious security problems
> if you don't understand its power. Specifically it should
> almost never be used for input that comes from a user or
> via the command line. There is pretty much always another
> and much better way to do the simple stuff like conversions
> than to use eval.
>
> For example, imagine if a malicious user could feed your program this:
>
> (on the Linux command line)
>
> $ myscript "__import__('os').system('rm -rf /')"
Well, in this situation, he could just type
$ rm -rf /
But, yes.
Cheers,
mwh
--
I'm not particularly fond of singing GSTQ because she stands for
some things I don't, but it's not really worth letting politics
getting in the way of a good bawling. -- Dan Sheppard, ucam.chat
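
An added example (not part of the original thread) of the eval-free conversion the exchange above points toward: int() with an explicit base, behind a strict pattern check, so the argument is only ever parsed as a number and never executed. The names parse_hex and classify, the 16-digit length cap and the sample inputs are assumptions made for illustration.

```python
import re
import sys

# Optional sign, optional 0x/0X prefix, then 1-16 hex digits and nothing else.
# The 16-digit (64-bit) cap is an assumption for this example; int() alone
# would also accept surrounding whitespace, "_" separators and huge inputs.
_HEX_RE = re.compile(r"[+-]?(?:0[xX])?[0-9a-fA-F]{1,16}\Z")


def parse_hex(text):
    """Convert a hex string such as "0x00A1B2C3" to an int without eval."""
    if not isinstance(text, str) or not _HEX_RE.match(text):
        raise ValueError("not a hex integer: %r" % (text,))
    # int() with base 16 only parses digits; it never evaluates expressions.
    return int(text, 16)


def classify(samples):
    """Map each argv-style string to its integer value or to "rejected"."""
    results = {}
    for sample in samples:
        try:
            results[sample] = parse_hex(sample)
        except ValueError:
            results[sample] = "rejected"
    return results


# Constructed sample inputs: valid values, near-misses, and an expression
# of the kind eval() would have executed (a harmless one is used here).
SAMPLES = [
    "0x00A1B2C3",
    "ff",
    "-0x10",
    " 0x10",
    "0x1_0",
    "0x" + "f" * 17,
    "__import__('os').getcwd()",
]

if __name__ == "__main__":
    for arg, value in classify(sys.argv[1:] or SAMPLES).items():
        print("%-30r -> %s" % (arg, value))
```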