Safe eval?
Philipp Lenssen
lenssen at hitnet.rwth-aachen.de
Tue Apr 16 16:54:06 EDT 2002
More information about the Python-list mailing list
"Philipp Lenssen" <lenssen at hitnet.rwth-aachen.de> wrote in message
news:a9i2kg$cg8$1 at nets3.rz.RWTH-Aachen.DE...
> Is it possible to have a safe eval() on the server-side even when the string
> consists of submitted user data?
>..

I forgot to mention: all that should be allowed is arithmetic (boolean as
well) plus a limited set of functions that I write & define.
Say the following is OK (I already replaced internal variables here):

    1 == 2 and false or (10 + 3 * 2) == 4 or internal_harmlessFunction() == true

Whereas this clearly isn't:

    1 == 2 and false or (10 + 3 * 2) == 4 or delete_all_files('c:\\') == true

I just realized, as opposed to PHP, there are much stricter namespaces in Python
and maybe not using "import" on anything harmful could be the solution?
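Added example, not part of the original post: one way to meet the stated requirement is to parse the submitted string with Python's `ast` module and evaluate only an explicit whitelist of node types and function names, so the string never reaches `eval()` at all. The names `safe_eval`, `ALLOWED_FUNCS`, `ALLOWED_NAMES` and the stub body of `internal_harmlessFunction` are assumptions made for illustration; it targets Python 3.8 or later.

```python
import ast
import operator

# Hypothetical stand-in for the poster's own whitelisted function.
def internal_harmlessFunction():
    return True

ALLOWED_FUNCS = {"internal_harmlessFunction": internal_harmlessFunction}
# The post writes lowercase true/false; expose them as named constants.
ALLOWED_NAMES = {"true": True, "false": False}
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
CMP_OPS = {ast.Eq: operator.eq, ast.NotEq: operator.ne,
           ast.Lt: operator.lt, ast.LtE: operator.le,
           ast.Gt: operator.gt, ast.GtE: operator.ge}

def _ev(node):
    """Evaluate one AST node; anything not listed here is rejected."""
    if isinstance(node, ast.Constant) and type(node.value) in (bool, int, float):
        return node.value
    if isinstance(node, ast.Name) and node.id in ALLOWED_NAMES:
        return ALLOWED_NAMES[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_ev(node.left), _ev(node.right))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.Not)):
        val = _ev(node.operand)
        return -val if isinstance(node.op, ast.USub) else not val
    if isinstance(node, ast.BoolOp):
        # No short-circuit: every operand is checked, even "skipped" ones.
        vals = [bool(_ev(v)) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.Compare) and all(type(o) in CMP_OPS for o in node.ops):
        vals = [_ev(node.left)] + [_ev(c) for c in node.comparators]
        return all(CMP_OPS[type(o)](a, b)
                   for o, a, b in zip(node.ops, vals, vals[1:]))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in ALLOWED_FUNCS and not node.keywords):
        return ALLOWED_FUNCS[node.func.id](*[_ev(a) for a in node.args])
    raise ValueError("disallowed syntax: " + type(node).__name__)

def safe_eval(expr, max_len=200):
    """Parse expr (never eval() it) and walk only the whitelisted nodes."""
    if len(expr) > max_len:
        raise ValueError("expression too long")
    return _ev(ast.parse(expr, mode="eval").body)
```

Exponentiation, strings, attribute access and subscripts are deliberately absent from the whitelist, so they raise `ValueError` like any unknown function name.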