Dieter Maurer wrote:
It is easy to secure "eval":
globs = {'__builtins__':{}}
eval(s, globs, globs)
This ensures that "eval" cannot use any builtin functions --
especially, it cannot import anything.
I'm fairly sure this isn't enough - google for the bugs in python's
rexec and bastion modules which lead to them being deprecated...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
