remote read eval print loop
Ramchandra Apte
maniandram01 at gmail.com
Sat Aug 18 09:48:57 EDT 2012
More information about the Python-list mailing list
Not really. Try modifying ast.literal_eval. This will be quite secure.

On 17 August 2012 19:36, Chris Angelico <rosuav at gmail.com> wrote:

> On Fri, Aug 17, 2012 at 11:28 PM, Eric Frederich
> <eric.frederich at gmail.com> wrote:
> > Within the debugging console, after importing all of the bindings, there
> > would be no reason to import anything whatsoever.
> > With just the bindings I created and the Python language we could do
> > meaningful debugging.
> > So if I block the ability to do any imports and calls to eval I should be
> > safe right?
>
> Nope. Python isn't a secured language in that way. I tried the same
> sort of thing a while back, but found it effectively impossible. (And
> this after people told me "It's not possible, don't bother trying". I
> tried anyway. It wasn't possible.)
>
> If you really want to do that, consider it equivalent to putting an
> open SSH session into your debugging console. Would you give that much
> power to your application's users? And if you would, is it worth
> reinventing SSH?
>
> ChrisA
> --
> http://mail.python.org/mailman/listinfo/python-list
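
An added example, not part of the original message or thread: a sketch of the kind of modification to ast.literal_eval suggested above, an AST allowlist evaluator that accepts literals plus calls to a fixed table of bound functions and rejects every other node type. The names `safe_eval`, `BINDINGS`, `get_status` and `list_sessions` are hypothetical stand-ins for the console's bindings.

```python
import ast

# Hypothetical bindings exposed to the debugging console (assumed names).
def get_status(name):
    return {"name": name, "state": "running"}

def list_sessions(limit=10):
    return ["session-%d" % i for i in range(limit)]

BINDINGS = {"get_status": get_status, "list_sessions": list_sessions}


def safe_eval(source, bindings=BINDINGS):
    """Evaluate one expression made of literals and calls to `bindings`.

    Like ast.literal_eval, this walks the parsed tree instead of calling
    eval(); anything not explicitly handled below raises ValueError.
    """
    try:
        tree = ast.parse(source, mode="eval")  # statements (import, def) fail here
    except SyntaxError as exc:
        raise ValueError("not a single expression: %s" % exc)

    def ev(node):
        if isinstance(node, ast.Constant):
            if isinstance(node.value, (str, bytes, int, float, bool, type(None))):
                return node.value
        elif isinstance(node, (ast.List, ast.Tuple)):
            items = [ev(e) for e in node.elts]
            return items if isinstance(node, ast.List) else tuple(items)
        elif isinstance(node, ast.Dict):
            if None not in node.keys:  # reject {**x} unpacking
                return {ev(k): ev(v) for k, v in zip(node.keys, node.values)}
        elif isinstance(node, ast.Call):
            # Only a bare name from the table may be called: no attribute
            # access, no subscripts, no calling the result of another call.
            f = node.func
            if isinstance(f, ast.Name) and f.id in bindings:
                if all(kw.arg is not None for kw in node.keywords):
                    args = [ev(a) for a in node.args]  # *args nodes are rejected by ev
                    kwargs = {kw.arg: ev(kw.value) for kw in node.keywords}
                    return bindings[f.id](*args, **kwargs)
        raise ValueError("disallowed expression: %s" % type(node).__name__)

    return ev(tree.body)
```

The allowlist constrains only the expression grammar: the bound functions still run with whatever arguments the caller supplies, and, as the ast.literal_eval documentation warns for its own input, very large or deeply nested source can still exhaust memory or the stack.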