On Fri, 2003-01-17 at 11:18, Randy Heiland wrote: > I want my servlet to be able to execute/evaluate arbitrary Python cmds and > assign output to arbitrary variables which will be referenced later. Can > someone offer pointers for safely doing this?
There's currently no way to safely execute arbitrary Python commands. However, you can generate commands on the server side (which presumably would be safe), put the commands in a hidden variable, and then sign that variable. You'd sign it by using MD5 or SHA1, and hashing the code concatenated with some server secret (probably a randomly generated key). You could then confirm that signature before executing the code. -- Ian Bicking <[EMAIL PROTECTED]> ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
