On Fri, Jul 12, 2013 at 9:23 PM, Walter Bright <[email protected]>wrote:
> On 7/12/2013 5:00 PM, Timothee Cour wrote: > >> Let's put it another way: if I or someone else made a pull request for >> CTFE >> "exec", would it have a chance of being accepted? >> > > A big problem with it would be the equivalent of the "SQL Injection > Exploit". Since the compiler can now execute arbitrary code, someone > passing around malicious source code could do anything to your system. > > Which is why I suggested in my first post above that it should be enabled by a compiler switch (eg: dmd -enable_exec) for safety reasons (just as string import requires -J). At the very least it is useful for debugging personal projects.
