On Fri, Nov 21, 2014 at 9:33 PM, alister <alister.nospam.w...@ntlworld.com> wrote: > the data entered by the user is processed as if it was python code, this > means the user could enter a command (or sequence of commands) that cause > serious problems to you computer including but not limited to:- > > Installing a virus > Deleting all your data > causing your central heating to explode (unlikely but if your central > heating is on your network anything is possible)
That's the issue of malice. On a personal system, that's not really a question; there are plenty of programs I've written for my own use that have immense power. But there's also the risk of typos - one small error, and it's gone off doing crazy stuff. Now, maybe you want it to eval. There are times when I conceptually want "enter an integer", but it makes good sense to be able to type "1+2" and have it act as if I typed "3". That's fine... but if you want eval, write eval into your code. Be explicit: eval(raw_input("Enter a number: ")) makes it very clear that you're accepting code at the console. ChrisA -- https://mail.python.org/mailman/listinfo/python-list