"bob gailer" <[EMAIL PROTECTED]> wrote
> modname = raw_input()
> exec "import " + modname
>
> That can be a security risk, in that a use could
> enter "time; import os; os.rmdir('some_valuable_directory')"
Even more risky is the fact that modules can contain executable
code that is run when the module is imported. If someone wrote
such a module they would only need to type the filename and
the exec would result in the rogue code being executed. If the
rogue code had the same name as a standard module it would
be extremely hard to detect. All of which are good reasons
for not doing this unless you intend to build an IDE or
somesuch - and even then there are better solutions!
HTH,
--
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld
_______________________________________________
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
