eval() == evil? --- How to use it safely?

Fett FettManChu at gmail.com
Fri Aug 29 08:42:46 EDT 2008


On Aug 28, 7:57 pm, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:

So long story short: if I am expecting a dictionary of strings, I
should make a parser that only accepts a dictionary of strings then.
There is no safe way to use an existing construct.

That is what I was afraid of. I know I will have to deal with the
possibility of bad data, but considering my use (an acronym legend for
a database), and the fact that the site I plan to use should be
secure, these issues should be minimal. The users should be able to
spot any obvious false data, and restoring it should be simple.

Many thanks to all of you for your alarmist remarks. I certainly don't
want to, in any way, put my clients' computers at risk by providing
unsafe code.
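
The approach this message settles on, a parser that accepts only a dictionary of strings, shown as an added example that is not part of the original post. It uses Python's `ast` module to parse the text without ever evaluating it; the names `parse_legend` and `LegendFormatError` and the size cap are assumptions made for illustration.

```python
import ast

MAX_INPUT_CHARS = 64 * 1024  # assumed cap, generous for an acronym legend


class LegendFormatError(ValueError):
    """Raised when the text is not a plain {str: str} dictionary literal."""


def _as_str(node, what):
    # Only literal string constants pass: no names, calls, f-strings,
    # arithmetic, numbers, bytes or nested containers.
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    raise LegendFormatError(f"{what} must be a string literal")


def parse_legend(text):
    """Parse text such as "{'DB': 'database'}" without evaluating it."""
    if len(text) > MAX_INPUT_CHARS:
        raise LegendFormatError("input too large")
    try:
        # mode="eval" builds a syntax tree only; nothing is executed.
        tree = ast.parse(text.strip(), mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise LegendFormatError("not a valid literal") from exc
    root = tree.body
    if not isinstance(root, ast.Dict):
        raise LegendFormatError("top level must be a dictionary")
    legend = {}
    for key_node, value_node in zip(root.keys, root.values):
        if key_node is None:  # "**other" unpacking inside the braces
            raise LegendFormatError("dictionary unpacking is not allowed")
        key = _as_str(key_node, "key")
        if key in legend:
            raise LegendFormatError(f"duplicate key: {key!r}")
        legend[key] = _as_str(value_node, "value")
    return legend
```

Anything that is not a string literal in key or value position is rejected before a value is ever constructed, so malformed or hostile input surfaces as a `LegendFormatError` rather than as executed code.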
