Re: [Zope] python script, from string to dictionary.

2008-02-11 Thread Chris Withers
Dieter Maurer wrote: - google for the bugs in Python's rexec and bastion modules which led to them being deprecated... I speak only about eval (not exec or rexec nor bastion). In the eval world, you only have expressions. And with the __builtins__ above, you have no builtin functions, no

Re: [Zope] python script, from string to dictionary.

2008-02-08 Thread Chris Withers
[EMAIL PROTECTED] wrote: I 'serialized' MySQL data in order to flatten one-to-many related tables. The resulting dictionaries (one per record) are i.e. as: mydict [ brandcode ] = { 'itemcode': 'some value', 'itemsizeavail': [ ('XL',), ('XXL',), ('S',) ], 'keythree': '', 'keyfour': [ ], ... } now

Re: [Zope] python script, from string to dictionary.

2008-02-08 Thread Chris Withers
Dieter Maurer wrote: It is easy to secure eval: globs = {'__builtins__':{}} eval(s, globs, globs) This ensures that eval cannot use any builtin functions -- especially, it cannot import anything. I'm fairly sure this isn't enough - google for the bugs in Python's rexec and bastion

Re: [Zope] python script, from string to dictionary.

2008-02-08 Thread Dieter Maurer
Chris Withers wrote at 2008-2-8 11:14 +: Dieter Maurer wrote: It is easy to secure eval: globs = {'__builtins__':{}} eval(s, globs, globs) This ensures that eval cannot use any builtin functions -- especially, it cannot import anything. I'm fairly sure this isn't enough That

Re: [Zope] python script, from string to dictionary.

2008-02-07 Thread Chris Withers
Bill Campbell wrote: On Thu, Feb 07, 2008, Stefano Guglia wrote: hello! I converted a dictionary into a string, and now I need to change back the same string as a dictionary in a Zope Python script. s = repr(d) newdict = eval(s) NO! Never ever ever eval strings. At some point you will end

Re: [Zope] python script, from string to dictionary.

2008-02-07 Thread sguglia
On Thursday 07 February 2008 11:25:07 Chris Withers wrote: Bill Campbell wrote: On Thu, Feb 07, 2008, Stefano Guglia wrote: hello! I converted a dictionary into a string, and now I need to change back the same string as a dictionary in a Zope Python script. s = repr(d) newdict =

Re: [Zope] python script, from string to dictionary.

2008-02-07 Thread Dieter Maurer
Chris Withers wrote at 2008-2-7 10:25 +: Bill Campbell wrote: On Thu, Feb 07, 2008, Stefano Guglia wrote: hello! I converted a dictionary into a string, and now I need to change back the same string as a dictionary in a Zope Python script. s = repr(d) newdict = eval(s) NO! Never ever

Re: [Zope] python script, from string to dictionary.

2008-02-06 Thread Bill Campbell
On Thu, Feb 07, 2008, Stefano Guglia wrote: hello! I converted a dictionary into a string, and now I need to change back the same string as a dictionary in a Zope Python script. s = repr(d) newdict = eval(s) Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: