On Tue, 2007-20-03 at 16:27 -0700, Bob Ippolito wrote:
> On 3/20/07, iain duncan <[EMAIL PROTECTED]> wrote:
> >
> > On Tue, 2007-20-03 at 18:57 -0300, Jorge Godoy wrote:
> > > iain duncan <[EMAIL PROTECTED]> writes:
> > >
> > > > I know one has to be *very careful* using eval with anything that comes
> > > > from a url submission. It would however, cut out a lot of conditionals.
> > > > Can anyone tell me if it is safe to eval a string provided I previously
> > > > do a positive match against it with an re containing alphabetical
> > > > characters only? Is there any way for python to do damage evaling one
> > > > word?
> > >
> > > Why don't you use a dictionary?
> >
> > That's what I currently have, which is obviously fail safe. But I was
> > thinking it would be nice to have one less place to insert new mapper
> > objects into the code.
>
> One less place to have an explicit mapping is one more place where you
> may have a security hole. The road you're trying to go down is pretty
> sketchy.

Ok, thanks for the input. Dictionary it is. ;)

Iain
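
The trade-off discussed in this thread, as an added example that is not part of the original messages: an alphabetic-only regex followed by `eval` still resolves any name in scope, while a dictionary filled by a registering decorator keeps the allowlist explicit without a second table to maintain. The class names `Person`, `Invoice`, `AdminSession` and the `mapper` decorator are hypothetical.

```python
import re

ALPHA_ONLY = re.compile(r"[A-Za-z]+")

MAPPERS = {}  # the explicit allowlist: only names placed here are reachable


def mapper(cls):
    """Class decorator: defining a mapper also registers it, so there is
    no separate lookup table to keep in sync with the code."""
    MAPPERS[cls.__name__] = cls
    return cls


@mapper
class Person:  # hypothetical mapper object
    pass


@mapper
class Invoice:  # hypothetical mapper object
    pass


class AdminSession:  # hypothetical: in scope, but never meant to be URL-reachable
    pass


def resolve_with_eval(name):
    """The approach asked about: alphabetic-only check, then eval."""
    if not ALPHA_ONLY.fullmatch(name):
        raise ValueError("rejected by regex: %r" % name)
    # The regex limits the characters, not which names resolve: any
    # alphabetic global or builtin (AdminSession, open, exit) comes back.
    return eval(name)


def resolve_with_dict(name):
    """Explicit mapping: unknown names fail closed."""
    try:
        return MAPPERS[name]
    except KeyError:
        raise ValueError("unknown mapper: %r" % name) from None


if __name__ == "__main__":
    # Constructed sample inputs standing in for a URL parameter.
    for candidate in ("Person", "AdminSession", "open"):
        print(candidate, "eval ->", resolve_with_eval(candidate))
        try:
            print(candidate, "dict ->", resolve_with_dict(candidate))
        except ValueError as exc:
            print(candidate, "dict -> refused:", exc)
```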

