<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/02/2014 04:49 PM, Danny Yoo
wrote:<br>
</div>
<blockquote
cite="mid:CAGZAPF7uZje8oroCJAWArReBDQEkmAFqOfGmEQMu5NA1DhoG4g@mail.gmail.com"
type="cite">
<pre wrap="">Hi Alex,
Just as a side note, someone has probably already told you something
like this, but: I would strongly recommend not to use Python's eval()
or exec(). Those language features are dangerous. Every eval() or
exec() is a possible vector for injection attacks. This week's
injection attack of the week appears to be Drupal:
<a class="moz-txt-link-freetext" href="https://www.drupal.org/PSA-2014-003">https://www.drupal.org/PSA-2014-003</a>, and it's certainly not going to
be the last, but why should we encourage this?
In the face of this, we have to admit to ourselves that these features
are hard to use. Beginners should certainly give those features a
very wide berth. I don't think it's crazy to say that community
wisdom is to strongly discourage dynamic code evaluation features
unless we have no other choice.
Are you just exploring the features of Python, or is there a
particular task you're trying to solve with eval or exec()? Perhaps
you can accomplish the same goal in another way?
_______________________________________________
Tutor maillist - <a class="moz-txt-link-abbreviated" href="mailto:Tutor@python.org">Tutor@python.org</a>
To unsubscribe or change subscription options:
<a class="moz-txt-link-freetext" href="https://mail.python.org/mailman/listinfo/tutor">https://mail.python.org/mailman/listinfo/tutor</a>
</pre>
</blockquote>
<font face="Courier New, Courier, monospace"><br>
I use exec to jump to another program within the same directory, such as:<br>
<br>
execfile("BloodPressure02Sorting.py")<br>
<br>
and let the program terminate there. Should I do it differently or are you
talking about a different horse?<br>
<br>
Ken<br>
</font><br>
<br>
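<p>An added example, not from either message in the thread, of the two safer replacements Danny's advice points at: handing off to the next program through an allow-list plus <code>runpy.run_path</code> instead of <code>execfile()</code>, and reading literal data with <code>ast.literal_eval</code> instead of <code>eval()</code>. The program name mirrors Ken's, but the file content and the inputs are constructed here.</p>

```python
import ast
import os
import runpy
import tempfile

# Programs this script may hand off to. The name mirrors Ken's example;
# the file itself is constructed inside demo() below (assumption: the
# real script is not part of this example).
ALLOWED_PROGRAMS = {"BloodPressure02Sorting"}


def run_next_program(name, directory):
    """Run <directory>/<name>.py as __main__, as execfile() did, but
    only for names on the allow-list, so a caller cannot steer this
    into running some other file (e.g. a name containing '/' or '..')."""
    if name not in ALLOWED_PROGRAMS:
        raise ValueError("not an allowed program: %r" % name)
    path = os.path.join(directory, name + ".py")
    # runpy.run_path executes the file with __name__ == "__main__" and
    # returns its globals, which execfile() used to dump into our own.
    return runpy.run_path(path, run_name="__main__")


def parse_value(text):
    """Read a literal such as '[120, 80]' from text without eval().
    ast.literal_eval accepts only literals; any expression containing
    a call, attribute access or name lookup is refused with ValueError."""
    return ast.literal_eval(text)


def demo():
    """Exercise both helpers on constructed input; returns the outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for the real BloodPressure02Sorting.py.
        with open(os.path.join(d, "BloodPressure02Sorting.py"), "w") as f:
            f.write("readings = sorted([130, 118, 124])\n")
        out["sorted"] = run_next_program("BloodPressure02Sorting", d)["readings"]
        try:
            run_next_program("../other", d)
            out["traversal_blocked"] = False
        except ValueError:
            out["traversal_blocked"] = True
    out["literal"] = parse_value("[120, 80]")
    try:
        parse_value("print(1)")
        out["call_refused"] = False
    except ValueError:
        out["call_refused"] = True
    return out


if __name__ == "__main__":
    print(demo())
```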
</body>
</html>