On Thu, Sep 8, 2011 at 11:04 PM, H Krishnan <span dir="ltr"><<a href="mailto:hetchkay@gmail.com">hetchkay@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; ">
<div>The use-case I had in mind was related to a customization tool we are developing. We want to allow users to define expressions and assign them to names. We 'eval' the expressions subsequently. We have to currently prevent users from using any python keyword as a name, which I felt was an unnecessary restriction.</div>
</blockquote><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Now that you've defined the actual use case you had in mind, it's a good reason not to use this. Using 'eval' on user-provided expressions is risky in many ways. If you restrict the expressions to simple operators like +-*/ then that's easy (and safer) to process without using eval (or if you are using eval, it's easy to replace every variable X with something like data["X"] completely eliminating the possibility of information leakage). If you're allowing calls to arbitrary functions then you're probably going to have some security holes in your app. For example, you better make sure to disallow expressions like:</font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><font class="Apple-style-span" face="'courier new', monospace">__import__('sys').exit()</font></div>
</blockquote><div>or</div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><font class="Apple-style-span" face="'courier new', monospace">[i for i in range(2**100) if i < 1]</font></div>
</blockquote><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">and lots of others.</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br>
</font></div><div><font face="arial, helvetica, sans-serif">--- Bruce</font><div><font face="arial, helvetica, sans-serif">Follow me: <a href="http://www.twitter.com/Vroo" target="_blank">http://www.twitter.com/Vroo</a> <a href="http://www.vroospeak.com" target="_blank">http://www.vroospeak.com</a></font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div>P.S.. Yes, that's valid scheme? So what? Redefining 'define' pretty much guarantees that the rest of your program will fail.<div><span class="Apple-style-span" style="font-family: monospace; font-size: 13px; white-space: pre; background-color: rgb(240, 240, 240); "><pre class="de1" style="margin-top: 0px; margin-bottom: 0px; padding-bottom: 5px; padding-top: 3px; padding-left: 10px; ">
<span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">(</span><span class="kw1" style="line-height: 13px !important; color: rgb(177, 177, 0); ">define</span><font class="Apple-style-span" color="#000066"> </font><span class="kw1" style="line-height: 13px !important; color: rgb(177, 177, 0); ">define</span><font class="Apple-style-span" color="#000066"> </font><span class="nu0" style="line-height: 13px !important; color: rgb(204, 102, 204); ">3</span><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">)</span><font class="Apple-style-span" color="#000066">
</font><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">(</span><span class="kw1" style="line-height: 13px !important; color: rgb(177, 177, 0); ">display</span><font class="Apple-style-span" color="#000066"> </font><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">(</span><span class="sy0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">*</span><font class="Apple-style-span" color="#000066"> </font><span class="kw1" style="line-height: 13px !important; color: rgb(177, 177, 0); ">define</span><font class="Apple-style-span" color="#000066"> </font><span class="nu0" style="line-height: 13px !important; color: rgb(204, 102, 204); ">5</span><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">)</span><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">) </span><span class="br0" style="line-height: 13px !important; ">=> 15</span><font class="Apple-style-span" color="#000066">
</font><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">(</span><span class="kw1" style="line-height: 13px !important; color: rgb(177, 177, 0); ">define</span><font class="Apple-style-span" color="#000066"> x </font><span class="nu0" style="line-height: 13px !important; color: rgb(204, 102, 204); ">4</span><span class="br0" style="line-height: 13px !important; color: rgb(102, 204, 102); ">) </span><span class="br0" style="line-height: 13px !important; ">=> FAIL</span></pre>
</span><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">The fact that another language allows you to shoot yourself in the foot isn't a good argument that Python should allow that too.</font></div>
<div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div></div></div></div>