On 11/02/2014 04:49 PM, Danny Yoo wrote:
Hi Alex,

Just as a side note, someone has probably already told you something
like this, but:  I would strongly recommend not using Python's eval()
or exec().  Those language features are dangerous.  Every eval() or
exec() is a possible vector for injection attacks.  This week's
injection attack of the week appears to be Drupal:
https://www.drupal.org/PSA-2014-003, and it's certainly not going to
be the last, but why should we encourage this?

In the face of this, we have to admit to ourselves that these features
are hard to use.  Beginners should certainly give those features a
very wide berth.  I don't think it's crazy to say that community
wisdom is to strongly discourage dynamic code evaluation features
unless we have no other choice.

Are you just exploring the features of Python, or is there a
particular task you're trying to solve with eval or exec()?  Perhaps
you can accomplish the same goal in another way?
_______________________________________________
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor


I use exec to jump to another program within the
same directory, such as:

execfile("BloodPressure02Sorting.py")

and let the program terminate there. Should I do
it differently or are you talking about a different
horse?

Ken

