How to write python plug-ins for your own python program?
hemanth
hemanthps at gmail.com
Fri Mar 4 01:44:52 EST 2005
Andre wrote:
> Mark Rowe <mail.python.org at bdash.net.nz> wrote in message
news:<mailman.3293.1109840097.22381.python-list at python.org>...
> > On Mar 3, 2005, at 9:33 PM, Simon Wittber wrote:
> >
> > >> You mean like 'import'? :)
> > >
> > > That's how I would do it. It's the simplest thing, that works.
> > >
> > > exec("import %s as plugin" % pluginName)
> > > plugin.someMethod()
> > >
> > > where pluginName is the name of the python file, minus the ".py"
> > > extension.
> >
> > A better method would be something along the lines of:
> >
> > plugin = __import__(pluginName)
> > plugin.someMethod()
> >
> > This avoids the potential security problem that `exec' poses as
well as
> > the need to parse + interpret the string.
> >
> What happens if you have:
> .def someMethod():
> . import os
> . rm * # or whatever other evil thing you might thing of
>
> Andre
Some time back I remember discussions on plugin risks in
Leo (leo.sf.net). The conclusion was someone can always harm
your system by writing a nasty plugin. Hence you should always
use plugins from sources you can trust. I don't know if there
is any alternative way in Python to have safe third party
plugins.
More information about the Python-list
mailing list