Dieter Maurer wrote:
It is easy to secure "eval":

   globs = {'__builtins__':{}}
   eval(s, globs, globs)

This ensures that "eval" cannot use any builtin functions --
especially, it cannot import anything.

I'm fairly sure this isn't enough - google for the bugs in python's rexec and bastion modules which lead to them being deprecated...



Simplistix - Content Management, Zope & Python Consulting
Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to