Dieter Maurer wrote:
- google for the bugs in python's
rexec and bastion modules which lead to them being deprecated...
I speak only about eval (not exec or rexec nor bastion).
In the eval world, you only have expressions.
And with the __builtins__ above, you have no builtin functions,
no
[EMAIL PROTECTED] wrote:
I 'serialized' MySQL data in order to flatten one-to-many related tables. The
resulting dictionaries (one per record) are, e.g., as follows:
mydict[brandcode] =
{
    'itemcode': 'some value',
    'itemsizeavail':
    [
        ('XL',),
        ('XXL',),
        ('S',)
    ],
    'keythree': '',
    'keyfour': [],
    ...
}
now
Dieter Maurer wrote:
It is easy to secure eval:
globs = {'__builtins__':{}}
eval(s, globs, globs)
This ensures that eval cannot use any builtin functions --
especially, it cannot import anything.
I'm fairly sure this isn't enough - google for the bugs in python's
rexec and bastion
Chris Withers wrote at 2008-2-8 11:14 +:
Dieter Maurer wrote:
It is easy to secure eval:
globs = {'__builtins__':{}}
eval(s, globs, globs)
This ensures that eval cannot use any builtin functions --
especially, it cannot import anything.
I'm fairly sure this isn't enough
That
Bill Campbell wrote:
On Thu, Feb 07, 2008, Stefano Guglia wrote:
hello!
I converted a dictionary into a string, and now I need to change the
same string back into a dictionary in a Zope Python script.
s = repr(d)
newdict = eval(s)
NO!
Never ever ever eval strings. At some point you will end
On Thursday 07 February 2008 11:25:07 Chris Withers wrote:
Bill Campbell wrote:
On Thu, Feb 07, 2008, Stefano Guglia wrote:
hello!
I converted a dictionary into a string, and now I need to change the
same string back into a dictionary in a Zope Python script.
s = repr(d)
newdict =
Chris Withers wrote at 2008-2-7 10:25 +:
Bill Campbell wrote:
On Thu, Feb 07, 2008, Stefano Guglia wrote:
hello!
I converted a dictionary into a string, and now I need to change the
same string back into a dictionary in a Zope Python script.
s = repr(d)
newdict = eval(s)
NO!
Never ever
On Thu, Feb 07, 2008, Stefano Guglia wrote:
hello!
I converted a dictionary into a string, and now I need to change the
same string back into a dictionary in a Zope Python script.
s = repr(d)
newdict = eval(s)
Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC