Dieter Maurer wrote:
It is easy to secure "eval":

   globs = {'__builtins__':{}}
   eval(s, globs, globs)

This ensures that "eval" cannot use any builtin functions --
especially, it cannot import anything.

I'm fairly sure this isn't enough - google for the bugs in python's rexec and bastion modules which lead to them being deprecated...

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to