Re: [Numpy-discussion] How to use user input as equation directly

2016-10-28 Thread Robert McLeod
On Thu, Oct 27, 2016 at 11:35 PM, Benjamin Root wrote: > Perhaps the numexpr package might be safer? Not exactly meant for this > situation (meant for optimizations), but the evaluator is pretty darn safe. > > It would not be able to evaluate something like 'np.arange(50)'

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-28 Thread Ben Rowland
It is important to bear in mind where the code is being run - if this is something running on a researcher’s own system, they almost certainly have lots of other ways of messing it up. These kind of security vulnerabilities are normally only relevant when you are running code that came from

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread Benjamin Root
"only be used by engineers/scientists for research" Famous last words. I know plenty of scientists who would love to "do research" with an exposed eval(). Full disclosure, I personally added a security hole into matplotlib thinking I covered all my bases in protecting an eval() statement. Ben

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread djxvillain
This will not be a public product and will only be used by other engineers/scientists for research. I don't think security should be a huge issue, but I appreciate your input and concern for the quality of my code. -- View this message in context:

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread Benjamin Root
Perhaps the numexpr package might be safer? Not exactly meant for this situation (meant for optimizations), but the evaluator is pretty darn safe. Ben Root On Thu, Oct 27, 2016 at 5:33 PM, John Ladasky wrote: > This isn't just a Numpy issue. You are interested in Python's

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread John Ladasky
This isn't just a Numpy issue. You are interested in Python's eval(). Keep in mind that any programming language that blurs the line between code and data (many do not) has a potential security vulnerability. What if your user doesn't type "x = 2*np.sin(2*np.pi*44100*t+np.pi/2)" but instead

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread djxvillain
That worked perfectly. I've been googling how to do this, I guess I didn't phrase it correctly. Thank you very much. You just saved me a ton of time. -- View this message in context: http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665p43667.html

Re: [Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread Ryan May
On Thu, Oct 27, 2016 at 1:58 PM, djxvillain wrote: > Hello all, > > I am an electrical engineer and new to numpy. I need the ability to take > in > user input, and use that input as a variable. For example: > > t = input('enter t: ') > x = input('enter x: ') > > I need

[Numpy-discussion] How to use user input as equation directly

2016-10-27 Thread djxvillain
Hello all, I am an electrical engineer and new to numpy. I need the ability to take in user input, and use that input as a variable. For example: t = input('enter t: ') x = input('enter x: ') I need the user to be able to enter something like x = 2*np.sin(2*np.pi*44100*t+np.pi/2) and it be