Linux security: mixing assignment with expression
Dave Benjamin
ramen at lackingtalent.com
Wed Nov 12 16:00:42 EST 2003
In article <3fb29ad8.64867835 at news.cybermesa.com>, Jay O'Connor wrote:
> On Wed, 12 Nov 2003 20:27:14 -0000, Dave Benjamin
><ramen at lackingtalent.com> wrote:
>
>>In this case, the ability to mix assignment with expression in C not only
>>affected readability but--as a result--security. I think this clearly lends
>>credibility to Guido's design decision to deliberately prevent this sort of
>>"mistake".
>
> I still prefer the solutions from other languages that use real
> boolean types and then either don't allow boolean evaluation of
> numbers (Smalltalk) or don't allow assignment of numbers to booleans
> (Ada)
This still wouldn't be sufficient to prevent the following (admittedly
contrived) example:
    if foo in [BAR, BAZ] and (admin_priveleges = True):
        return oof
As far as the boolean evaluation issue is concerned, it's a tradeoff between
convenience and clarity sometimes. It's nice to treat an empty list as a
false value:
    if items_left:
        item = items_left.pop()
        diddle(item)
But maybe we're back to the ol' implicit/explicit argument.
Smalltalk is particularly unusual in how it handles booleans. In Python
syntax, it would have to be something like:
    Boolean(len(items_left) != 0).ifTrue(lambda: diddle(items_left.pop()))
--
.:[ dave benjamin (ramenboy) -:- www.ramenfest.com -:- www.3dex.com ]:.
: d r i n k i n g l i f e o u t o f t h e c o n t a i n e r :
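
Added example, not part of the original post: it checks that Python's parser rejects the contrived line above, and flags the same pattern when written with the ":=" operator that Python 3.8 later introduced. The function names and the walrus variant are constructed for illustration.

```python
import ast

# Constructed samples. The first is the post's contrived line as written;
# the second is the same line using the ":=" operator added in Python 3.8.
POST_EXAMPLE = (
    "if foo in [BAR, BAZ] and (admin_priveleges = True):\n"
    "    return oof\n"
)
WALRUS_VARIANT = (
    "def check(foo):\n"
    "    if foo in [BAR, BAZ] and (admin_priveleges := True):\n"
    "        return oof\n"
)


def is_rejected_by_parser(source):
    """True if Python refuses to parse the source at all."""
    try:
        ast.parse(source)
    except SyntaxError:
        return True
    return False


def assignments_in_conditions(source):
    """Return sorted (line, name) pairs for each ':=' inside the test of an
    if, while, conditional expression or assert (hypothetical lint check)."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        # Only these node types carry a truth-tested expression in .test
        if not isinstance(node, (ast.If, ast.While, ast.IfExp, ast.Assert)):
            continue
        for sub in ast.walk(node.test):
            if isinstance(sub, ast.NamedExpr):
                # The target of ':=' is always a plain name
                findings.add((sub.lineno, sub.target.id))
    return sorted(findings)


if __name__ == "__main__":
    print("post example rejected:", is_rejected_by_parser(POST_EXAMPLE))
    for line, name in assignments_in_conditions(WALRUS_VARIANT):
        print(f"line {line}: '{name}' is assigned inside a condition")
```
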