Michael Spencer wrote: >> In fact, I believe my solution to be totally safe, > > That's a bold claim! I'll readily concede that I can't access > func_globals from restricted mode eval (others may know better). But > your interpreter is still be vulnerable to DOS-style attack from > rogue calculations or quasi-infinite loops.
Yes, but I don't see your manually-rolled-up expression calculator being DOS-safe. I believe DOS attacks to be a problem whenever you want to calculate the result of an expression taken from the outside. What I was trying to show is that my simple one-liner is no worse than a multi-page full-blown expression parser and interpreter. -- Giovanni Bajo -- http://mail.python.org/mailman/listinfo/python-list
