On 3/20/07, iain duncan <[EMAIL PROTECTED]> wrote:
>
> On Tue, 2007-20-03 at 18:57 -0300, Jorge Godoy wrote:
> > iain duncan <[EMAIL PROTECTED]> writes:
> >
> > > I know one has to be *very careful* using eval with anything that comes
> > > from a url submission. It would, however, cut out a lot of conditionals.
> > > Can anyone tell me if it is safe to eval a string provided I previously
> > > do a positive match against it with an re containing alphabetical
> > > characters only? Is there any way for python to do damage evaling one
> > > word?
> >
> > Why don't you use a dictionary?
>
> That's what I currently have, which is obviously fail safe. But I was
> thinking it would be nice to have one less place to insert new mapper
> objects into the code.

One less place to have an explicit mapping is one more place where you
may have a security hole. The road you're trying to go down is pretty
sketchy.

-bob
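
The trade-off discussed in this thread, as an added example that is not part of the original messages: an alphabetic-only check followed by `eval` still resolves any global or builtin name, while a registry filled by a decorator keeps the mapping explicit without a second list to maintain. The class names `User`, `Article` and `AdminSettings` and the helper names are hypothetical.

```python
import re

ALPHA_ONLY = re.compile(r"[A-Za-z]+")

# Explicit registry: the dictionary the thread recommends.
MAPPERS = {}

def mapper(cls):
    """Register a class at its definition, so there is no second list to maintain."""
    MAPPERS[cls.__name__] = cls
    return cls

@mapper
class User:            # hypothetical mapper, exposed to URLs
    pass

@mapper
class Article:         # hypothetical mapper, exposed to URLs
    pass

class AdminSettings:   # hypothetical, deliberately not registered
    pass

def lookup_with_eval(name):
    """The approach asked about: alphabetic-only check, then eval."""
    if not ALPHA_ONLY.fullmatch(name):
        raise ValueError("rejected by regex")
    # Resolves against every global and builtin, not just mappers.
    return eval(name)

def lookup_with_registry(name):
    """Only names that were explicitly registered can be reached."""
    return MAPPERS[name]   # KeyError for anything else

if __name__ == "__main__":
    # Constructed inputs: one intended name and three unintended ones.
    for word in ("User", "AdminSettings", "re", "open"):
        print(word, "-> eval:", lookup_with_eval(word),
              "| registry:", MAPPERS.get(word))
```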
