[Tutor] The Evil eval()

alan.gauld@bt.com
Fri, 12 Apr 2002 13:39:48 +0100


> list of lists all on  one line.  Something like:
> 
> [[1, 2, 3, 4, 5], [2, 4, 6, 8, 10], [3, 6, 9, 12, 15], [4, 8, 
> 12, 16, 20]]
> 
> I will have to use eval().  

That's the easy way to do it, yes.

> know that is dangerous and if someone knew I used that for 
> this program, they could really mess things up.  

If they have access to edit the file certainly.

> My question is, how do I make sure that
> what I am eval()-ing is a list of lists (of integers)?  

The only way to be sure is to parse the entire file.
If you feel that is necessary I would actually consider 
moving the data format to XML and using the precanned 
parsers.

But is it really the case? Is there no way you can be 
confident that the data files will not be tampered with?

One other thing which is pretty secure but not bombproof 
would be to calculate a checksum for the file and store 
that somewhere. You can compare the checksum with the 
current file's checksum to see if it has changed. 
That's pretty solid but not absolutely 100%...

Alan G.
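
An added example, not part of the original message: one way to do the "parse the entire file" check in Python without calling eval(). It builds a syntax tree with the standard `ast` module, executes nothing, and accepts only a list of lists of integer literals. The names `parse_int_table`, `_int_from_node` and `MAX_CHARS` and the sample inputs are assumptions made up for this illustration.

```python
import ast

MAX_CHARS = 1_000_000  # assumed cap on input size; adjust for real data


def _int_from_node(node):
    """Return the int a literal node denotes, or raise ValueError."""
    sign = 1
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        sign, node = -1, node.operand
    # bool is a subclass of int, so exclude True/False explicitly
    if (isinstance(node, ast.Constant) and isinstance(node.value, int)
            and not isinstance(node.value, bool)):
        return sign * node.value
    raise ValueError("element is not an integer literal")


def parse_int_table(text):
    """Parse '[[1, 2], [3, 4]]' into a list of lists of ints without eval()."""
    if len(text) > MAX_CHARS:
        raise ValueError("input too large")
    try:
        tree = ast.parse(text.strip(), mode="eval")  # builds a tree, runs nothing
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise ValueError("not a Python expression") from exc
    outer = tree.body
    if not isinstance(outer, ast.List):
        raise ValueError("top level is not a list")
    rows = []
    for row in outer.elts:
        if not isinstance(row, ast.List):
            raise ValueError("row is not a list")
        rows.append([_int_from_node(cell) for cell in row.elts])
    return rows


# Constructed sample inputs: the line from the question, then tampered lines.
GOOD = "[[1, 2, 3, 4, 5], [2, 4, 6, 8, 10], [3, 6, 9, 12, 15], [4, 8, 12, 16, 20]]"
BAD = ["[[1, 2], __import__('os').getcwd()]", "[[1, 2], [3, 'x']]", "[1, 2, 3]"]

if __name__ == "__main__":
    print(parse_int_table(GOOD))
    for line in BAD:
        try:
            parse_int_table(line)
        except ValueError as err:
            print("rejected:", err)
```

Function calls, strings, floats, booleans and a flat list are all rejected with ValueError before any of the input is evaluated.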