limited python virtual machine

Aahz aahz at pythoncraft.com
Sat Jan 29 11:55:59 EST 2005


In article <1gr5osy.7eipfq7xyz72N%aleaxit at yahoo.com>,
Alex Martelli <aleaxit at yahoo.com> wrote:
>Aahz <aahz at pythoncraft.com> wrote:
>> Alex Martelli deleted his own attribution:
>>>
>>> >>> object.__subclasses__()
>>
>> One thing my company has done is written a ``safe_eval()`` that uses a
>> regex to disable double-underscore access.
>
>will the regex catch getattr(object, 'subclasses'.join(['_'*2]*2)...?-)

Heheh.  No.  Then again, security is only as strong as its weakest link,
and that quick hack makes this part of our application as secure as the
rest.
-- 
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

"19. A language that doesn't affect the way you think about programming,
is not worth knowing."  --Alan Perlis
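
Added example, not part of the original post and not the `safe_eval()` described in it: a source-text regex filter (its shape is an assumption, since the real one is not shown) next to a parse-then-allowlist check, run against the two expressions quoted in the thread. The function names and the arithmetic-only allowlist are hypothetical choices for illustration.

```python
import ast
import re

# Assumed shape of the regex filter; the real safe_eval() is not shown.
DUNDER = re.compile(r"__")

# The two expressions quoted in the thread (second one with the
# elided tail closed so that it parses).
DIRECT = "object.__subclasses__()"
INDIRECT = "getattr(object, 'subclasses'.join(['_'*2]*2))"

def regex_filter_allows(src: str) -> bool:
    """Text check: reject source containing a double underscore."""
    return DUNDER.search(src) is None

# Structural allowlist: arithmetic on numeric literals only. Names,
# calls, attribute access, subscripts and strings are all rejected,
# so there is no way to reach getattr or build an attribute name.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod,
    ast.UAdd, ast.USub,
)

def _node_ok(node: ast.AST) -> bool:
    if isinstance(node, ast.Constant):
        return type(node.value) in (int, float)
    return isinstance(node, ALLOWED_NODES)

def ast_filter_allows(src: str) -> bool:
    """Parse first, then accept only allowlisted node types."""
    try:
        tree = ast.parse(src, mode="eval")
    except SyntaxError:
        return False
    return all(_node_ok(n) for n in ast.walk(tree))

def safe_eval(src: str):
    """Evaluate src only if the allowlist accepts it; no builtins exposed."""
    if not ast_filter_allows(src):
        raise ValueError("expression not permitted")
    code = compile(ast.parse(src, mode="eval"), "<expr>", "eval")
    return eval(code, {"__builtins__": {}}, {})

if __name__ == "__main__":
    for src in (DIRECT, INDIRECT, "2 * (3 + 4)"):
        print(f"{src!r}: regex={regex_filter_allows(src)} "
              f"ast={ast_filter_allows(src)}")
```

The allowlist does not bound CPU or memory use; that still needs a separate limit if the input is untrusted.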


