[Tutor] executing a string representing python code
ALAN GAULD
alan.gauld at btinternet.com
Tue Mar 6 22:03:59 CET 2007
> Hm, I'm not sure I see your point. Could an evil hacker not just as
> easily change the dictionary in the python code (or somewhere else in
> the code) to perform such evil operations?
If they have access to the source code you are right of course.
But typically the source will be in a secure folder somewhere
whereas the 'data' files will be more public. In the kind of applications
that need to do this it tends to be the nature of the beast that the
data files are either hand crafted by someone other than the original
programmer (after all he/she would just write code, it's far easier!)
or they are auto generated from a database or from web input.
So if the data files and source code are both well protected then
there is no problem. If both are publicly available then there's a
problem either way but in the common scenario where the data
files are 'public' and the source is hidden/secured then we have
the problem I described.
Hope that clarifies things,
Alan G.
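
An added illustration (not code from this thread) of the scenario described above: a publicly writable data file is interpreted through a lookup table that lives in the protected source, instead of being executed as Python. The operation names, the one-operation-per-line file format and the sample lines are assumptions constructed for the example.

```python
import ast

# Operations the program is willing to run. This table lives in the source
# code, which the scenario assumes is kept in a secured folder.
def scale(value, factor):
    return value * factor

def offset(value, delta):
    return value + delta

ALLOWED_OPS = {"scale": scale, "offset": offset}  # hypothetical names

def run_data_file(text, start=0):
    """Apply each 'op argument' line to a running value.

    Returns (result, rejected); rejected lists (line_number, reason) for
    every line that was refused instead of executed.
    """
    value, rejected = start, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, arg_text = line.partition(" ")
        func = ALLOWED_OPS.get(name)
        if func is None:
            rejected.append((lineno, "unknown operation"))
            continue
        try:
            # literal_eval accepts only Python literals, never calls or names
            arg = ast.literal_eval(arg_text.strip())
        except (ValueError, SyntaxError):
            rejected.append((lineno, "argument is not a literal"))
            continue
        if isinstance(arg, bool) or not isinstance(arg, (int, float)):
            rejected.append((lineno, "argument is not a number"))
            continue
        value = func(value, arg)
    return value, rejected

# Constructed sample of a data file that someone else was able to edit
SAMPLE = "offset 10\nscale 3\nimport os\noffset open('notes.txt')\nscale 'x'\n"

if __name__ == "__main__":
    print(run_data_file(SAMPLE))
```

Whoever edits the data file can only choose among the operations the source already defines; lines that would have run as code under `exec` are reported and skipped.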