Create a .lua file from Python

Steven D'Aprano steve at pearwood.info
Thu Oct 1 15:12:57 EDT 2015


On Wed, 30 Sep 2015 07:21 pm, jmp wrote:

>> Is Ariel's xml file user-supplied? If so, how does your suggestion
>> prevent the resulting lua script from executing arbitrary code?
> 
> It does not. Like it doesn't fulfill the millions of possible
> requirements the OP could have written but did not. What if the OP wants
> a thread safe, super fast, multi core solution distributed on multiple
> remote hosts?

Then he should have said so.

We are not *required* to guess every last requirement that somebody might
have but didn't mention. But we do have a professional[1] duty of care to
warn an *obvious beginner* that he may be introducing a serious security
vulnerability into his code.




[1] In the sense of a job well done, not in the sense of "I got paid money
to write this shit". Think master craftsman, not interchangeable code
monkey.


-- 
Steven



