
It is important to bear in mind where the code is being run - if this is something running on a researcher’s own system, they almost certainly have lots of other ways of messing it up. These kinds of security vulnerabilities are normally only relevant when you are running code that came from somewhere else. That being said, this use case sounds like it could work with the Jupyter notebook. If you want something that is like typing code into a .py file but evaluated at run time instead, why not just use an interactive Python REPL instead of eval(input())?

Ben
On 27 Oct 2016, at 17:52, Benjamin Root <ben.v.root@gmail.com> wrote:
"only be used by engineers/scientists for research"
Famous last words. I know plenty of scientists who would love to "do research" with an exposed eval(). Full disclosure, I personally added a security hole into matplotlib thinking I covered all my bases in protecting an eval() statement.
Ben Root
On Thu, Oct 27, 2016 at 4:21 PM, djxvillain <djxvillain@gmail.com> wrote:
This will not be a public product and will only be used by other engineers/scientists for research. I don't think security should be a huge issue, but I appreciate your input and concern for the quality of my code.
--
View this message in context: http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equatio...
Sent from the Numpy-discussion mailing list archive at Nabble.com.
_______________________________________________
NumPy-Discussion mailing list
NumPy-Discussion@scipy.org
https://mail.scipy.org/mailman/listinfo/numpy-discussion
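An added example, not code from this thread or from any of its posters: one way to evaluate a user-typed equation without eval(), by parsing it with `ast` and accepting only arithmetic nodes. The name `safe_eval`, the function whitelist and the length cap are assumptions chosen for illustration.

```python
import ast
import operator

import numpy as np

# Whitelists: anything not listed here is rejected, so attribute access,
# subscripts, comprehensions, lambdas and arbitrary calls never execute.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Pow: np.power}
_UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
_FUNCS = {"sin": np.sin, "cos": np.cos, "exp": np.exp, "log": np.log, "sqrt": np.sqrt}
_CONSTS = {"pi": np.pi, "e": np.e}
MAX_LEN = 200  # assumed cap, bounds parse cost and nesting depth


def safe_eval(expr, **variables):
    """Evaluate an arithmetic expression; raise ValueError for anything else."""
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"not a valid expression: {exc.msg}") from None

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        # Numbers become floats so 9**9**9**9 overflows to inf instead of
        # building an enormous Python integer.
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return float(node.value)
        if isinstance(node, ast.Name):
            if node.id in variables:
                return variables[node.id]
            if node.id in _CONSTS:
                return _CONSTS[node.id]
            raise ValueError(f"unknown name: {node.id}")
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
            return _UNARYOPS[type(node.op)](walk(node.operand))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in _FUNCS and not node.keywords):
            return _FUNCS[node.func.id](*[walk(arg) for arg in node.args])
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)
```

Calling `safe_eval("2*x**2 + sin(pi/2)", x=arr)` applies the equation to a NumPy array, while input containing attribute access or a call to any name outside the whitelist raises `ValueError` before anything runs.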