Convert String to Dictionary question
Jeff Shannon
jeff at ccvcorp.com
Fri Feb 15 13:48:27 EST 2002
Jacek Generowicz wrote:

> Jeff Shannon <jeff at ccvcorp.com> writes:
>
> > This works, but is generally a Bad Idea(tm). The problem
> > with eval/exec on arbitrary strings (and any string you read
> > in from a file is arbitrary) is that it's hard to be
> > positive that what you're eval/exec-ing is what you expect.
> > And if it's *not*, then many, many very bad things can
> > happen. (Imagine someone "accidentally" replacing that
> > textfile with one that contains the line "import
> > os;os.system('rm -s /')" -- suddenly your entire filesystem
> > is blank....)
>
> Writing python scripts works but is generally a Bad Idea(tm).
>
> Imagine someone "accidentally" replacing the textfile containing your
> script with one that contains the line "import os;os.system('rm -s
> /')" -- suddenly your entire filesystem is blank....)

Okay, so that particular example is not the best. ;) However, I've seen people posting code that eval()'s interactive input, which *does* provide all sorts of opportunity for bad things. The point is still true, that exec and eval() are better avoided in 99.9% of situations; they're emergency-use-only. (It's good to keep a fire extinguisher around, but I wouldn't want to use it to put out a candle...)

Jeff Shannon
Technician/Programmer
Credit International
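An added example, not code from this thread: the string-to-dictionary conversion done with `ast.literal_eval` (a standard-library function added to Python after this message was written), next to a harmless demonstration that `eval()` executes calls embedded in the text. The names `parse_dict_literal`, `eval_runs_code`, `record` and `MAX_LEN`, and both sample strings, are constructed for illustration.

```python
import ast

# Assumed size cap: literal_eval runs no code, but very large or deeply
# nested input can still exhaust memory or the interpreter stack.
MAX_LEN = 10_000


def parse_dict_literal(text):
    """Parse a dict literal from untrusted text without executing any code."""
    if len(text) > MAX_LEN:
        raise ValueError("input too large")
    try:
        value = ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        # Calls, names, attribute access, imports etc. all end up here.
        raise ValueError(f"not a plain literal: {exc.__class__.__name__}") from exc
    if not isinstance(value, dict):
        raise ValueError(f"expected dict, got {type(value).__name__}")
    return value


def eval_runs_code(text):
    """Show the hazard: eval() runs whatever calls the expression contains."""
    calls = []
    # 'record' is a harmless stand-in for anything an expression could call.
    eval(text, {"record": calls.append})
    return calls


# Constructed sample inputs, as they might be read from a text file.
GOOD = "{'host': 'db1', 'port': 5432, 'tags': ['a', 'b']}"
HOSTILE = "{'host': record('code ran')}"

if __name__ == "__main__":
    print(parse_dict_literal(GOOD))
    print("eval side effects:", eval_runs_code(HOSTILE))
    try:
        parse_dict_literal(HOSTILE)
    except ValueError as exc:
        print("rejected:", exc)
```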