eval() == evil? --- How to use it safely?

Lie Lie.1296 at gmail.com
Fri Aug 29 12:25:47 EDT 2008


On Aug 29, 8:14 pm, Fett <FettMan... at gmail.com> wrote:
> On Aug 29, 7:42 am, Fett <FettMan... at gmail.com> wrote:
>
> > On Aug 28, 7:57 pm, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
>
> > So long story short: if I am expecting a dictionary of strings, I
> > should make a parser that only accepts a dictionary of strings then.
> > There is no safe way to use an existing construct.
>
> > That is what I was afraid of. I know I will have to deal with the
> > possibility of bad data, but considering my use (an acronym legend for
> > a database), and the fact that the site I plan to use should be
> > secure, these issues should be minimal. The users should be able to
> > spot any obvious false data, and restoring it should be simple.
>
> > Many thanks to all of you for your alarmist remarks. I certainly don't
> > want to, in any way, put my clients' computers at risk by providing
> > unsafe code.
>
> On a related note, what if I encrypted and signed the data, then only
> ran eval() on the string after it was decrypted and the signature
> verified?
>
> It has occurred to me that posting this data on a site might not be
> the best idea unless I can be sure that it is not read by anyone that
> it shouldn't be. So I figure an encrypting is needed, and as long as I
> can sign it as well, then only people with my private signing key
> could pass bad data, much less harmful strings.

Your way of thinking is similar to Microsoft's. Encrypting and signing
is a kludge; a real fix should fix the underlying cause. Anyway, using
data parsers isn't that much harder than using eval/exec.
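As an added example (not code from this thread), here is the "parser that only accepts a dictionary of strings" approach in Python, using ast.literal_eval followed by a shape check instead of eval(); the acronym legend samples and the MAX_TEXT_LEN limit are constructed for illustration.

```python
import ast

MAX_TEXT_LEN = 64 * 1024  # hypothetical size limit for one legend upload


class LegendFormatError(ValueError):
    """Raised when the text is not a flat dict literal of str -> str."""


def load_string_dict(text, max_len=MAX_TEXT_LEN):
    """Parse text as a Python dict literal whose keys and values are all str.

    ast.literal_eval accepts only literal syntax (strings, numbers, tuples,
    lists, dicts, sets, booleans, None). Names, calls, attribute access and
    operators are rejected before anything is evaluated, so no code runs.
    The shape of the result is then checked, which eval() cannot do for you.
    """
    if not isinstance(text, str):
        raise LegendFormatError("input must be a str")
    # literal_eval is not hardened against very large or deeply nested input
    # (it can exhaust the stack or memory), so bound the size up front.
    if len(text) > max_len:
        raise LegendFormatError("input too large")
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise LegendFormatError("not a literal: %s" % exc) from None
    if not isinstance(value, dict):
        raise LegendFormatError("expected a dict, got %s" % type(value).__name__)
    for key, val in value.items():
        if not isinstance(key, str) or not isinstance(val, str):
            raise LegendFormatError("keys and values must both be str")
    return value


def try_load(text):
    """Return the parsed dict, or None when the text is rejected."""
    try:
        return load_string_dict(text)
    except LegendFormatError:
        return None


if __name__ == "__main__":
    # Constructed samples: one well-formed acronym legend and some rejects.
    samples = [
        "{'HTTP': 'Hypertext Transfer Protocol', 'TLS': 'Transport Layer Security'}",
        "{'HTTP': str(80)}",   # call expression: rejected by literal_eval
        "{'HTTP': port}",      # bare name: rejected by literal_eval
        "{'HTTP': 80}",        # literal, but the value is not a str
        "['HTTP', 'TLS']",     # literal, but not a dict
    ]
    for text in samples:
        print(repr(text), "->", try_load(text))
```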
