Returning a value from code string

Steven D'Aprano steve at REMOVEMEcyber.com.au
Mon Jan 30 02:42:28 EST 2006


Fried Egg wrote:

> From above:
> 
> I hope the contents of the database are trusted, because if the code is
> coming from an untrusted source, well, U R pwn3d.
> 
> Seems like you are jumping through a lot of hoops for very little
> benefit.
> What am I missing?
> 
> <END>
> 
> Why does anyone care about "why" people do things when they ask a
> specific technical question on a newsgroup?  Maybe op is risking his
> server (who cares) or maybe he is just trying to explore an idea
> (again, who cares).  It almost seems like bad etiquette, really.  It
> also seems somehow different than asking questions that elicit
> technical context.

Firstly:-

Because people have an ethical obligation not to give 
bad advice.

You might be prepared to assume that anonymous people 
on the Net are all responsible, intelligent, 
clear-thinking, sufficiently cautious adults who know 
what they are doing, but I don't make that assumption. 
If their post indicates they know what they are doing, 
I respect that and am more than happy to tell them how 
to shoot themselves in the foot. If their post 
indicates that they haven't thought the question 
through, or worse, aren't even aware that there is a 
question to think through, then I'll behave differently.

If somebody writes to the newsgroup "Hi, I need help 
writing a Caesar shift cipher so I can encrypt some 
data" it would be sheer irresponsibility to answer 
their technical question without pointing out that a 
Caesar shift cipher is no more secure than rot13 (in 
fact, rot13 is a specific form of that cipher). So ask 
"Why?" -- if the answer is "I'm storing confidential 
medical records in a database", then you can gently 
apply the cluebat and, if you are lucky, protect YOUR 
medical records from being stolen from some clueless 
database vendor. If the answer is "I'm doing it to 
obfuscate some data in a game, I know this is extremely 
weak encryption", then that's a different ballgame.


Secondly:-

Because one of the most common errors on Usenet and the 
Internet is people asking the wrong question because of 
misunderstanding or false information. A recent example 
on this newsgroup: somebody had assumed, or been told, 
that Python lists were linked lists, and assuming that 
mylist[n] was a slow procedure because the linked list 
had to be walked, was wasting time trying to come up 
with some other solution. If we had merely answered 
their technical question, he would have solved a 
non-problem, learnt nothing, and ended up with slow 
inefficient code.

His real problem wasn't "How do I do this...?". His real 
problem was that he was labouring under false 
apprehensions, and by asking "Why do you want to do 
this?", people solved his real problem.



> Sorry to rant about etiquette.  I just have a problem similar to the
> original poster's, and it pissed me off when I wrote to the newsgroup
> asking "how do I do x,y,z?" and somebody writes back saying "you really
> shouldn't want to do x,y,z..." when they really haven't a clue.

But the million dollar question is, after you had 
explained what you wanted to accomplish (rather than 
how you thought it should be accomplished), did people 
agree that x,y,z was the right way to go about it?



-- 
Steven.



