Using Python for date calculations

Chris Angelico rosuav at gmail.com
Fri Nov 21 05:47:58 EST 2014


On Fri, Nov 21, 2014 at 9:33 PM, alister
<alister.nospam.ware at ntlworld.com> wrote:
> the data entered by the user is processed as if it was python code, this
> means the user could enter a command (or sequence of commands) that cause
> serious problems to your computer including but not limited to:-
>
> Installing a virus
> Deleting all your data
> causing your central heating to explode (unlikely but if your central
> heating is on your network anything is possible)

That's the issue of malice. On a personal system, that's not really a
question; there are plenty of programs I've written for my own use
that have immense power. But there's also the risk of typos - one
small error, and it's gone off doing crazy stuff.

Now, maybe you want it to eval. There are times when I conceptually
want "enter an integer", but it makes good sense to be able to type
"1+2" and have it act as if I typed "3". That's fine... but if you
want eval, write eval into your code. Be explicit:
eval(raw_input("Enter a number: ")) makes it very clear that you're
accepting code at the console.

ChrisA


