Returning a value from code string
Steven D'Aprano
steve at REMOVEMEcyber.com.au
Mon Jan 30 02:42:28 EST 2006
Fried Egg wrote:
> From above:
>
> I hope the contents of the database are trusted, because if the code is
> coming from an untrusted source, well, U R pwn3d.
>
> Seems like you are jumping through a lot of hoops for very little
> benefit.
> What am I missing?
>
> <END>
>
> Why does anyone care about "why" people do things when they ask a
> specific technical question on a newsgroup? Maybe op is risking his
> server (who cares) or maybe he is just trying to explore an idea
> (again, who cares). It almost seems like bad etiquette, really. It
> also seems somehow different than asking questions that elicit
> technical context.
Firstly:-

Because people have an ethical obligation not to give
bad advice.

You might be prepared to assume that anonymous people
on the Net are all responsible, intelligent,
clear-thinking, sufficiently cautious adults who know
what they are doing, but I don't make that assumption.
If their post indicates they know what they are doing,
I respect that and am more than happy to tell them how
to shoot themselves in the foot. If their post
indicates that they haven't thought the question
through, or worse, aren't even aware that there is a
question to think through, then I'll behave differently.

If somebody writes to the newsgroup "Hi, I need help
writing a Caesar shift cipher so I can encrypt some
data" it would be sheer irresponsibility to answer
their technical question without pointing out that a
Caesar shift cipher is no more secure than rot13 (in
fact, rot13 is a specific form of that cipher). So ask
"Why?" -- if the answer is "I'm storing confidential
medical records in a database", then you can gently
apply the cluebat and, if you are lucky, protect YOUR
medical records from being stolen from some clueless
database vendor. If the answer is "I'm doing it to
obfuscate some data in a game, I know this is extremely
weak encryption", then that's a different ballgame.

Secondly:-

Because one of the most common errors on Usenet and the
Internet is people asking the wrong question because of
misunderstanding or false information. A recent example
on this newsgroup: somebody had assumed, or been told,
that Python lists were linked lists, and assuming that
mylist[n] was a slow procedure because the linked list
had to be walked, was wasting time trying to come up
with some other solution. If we had merely answered
their technical question, he would have solved a
non-problem, learnt nothing, and ended up with slow
inefficient code.

His real problem wasn't "How do I do this...?". His real
problem was that he was labouring under false
apprehensions, and by asking "Why do you want to do
this?", people solved his real problem.

> Sorry to rant about etiquette. I just have a problem similar to the
> original poster's, and it pissed me off when I wrote to the newsgroup
> asking "how do I do x,y,z?" and somebody writes back saying "you really
> shouldn't want to do x,y,z..." when they really haven't a clue.
But the million dollar question is, after you had
explained what you wanted to accomplish (rather than
how you thought it should be accomplished), did people
agree that x,y,z was the right way to go about it?
--
Steven.