[Numpy-discussion] How to use user input as equation directly
Ben Rowland
bennyrowland at mac.com
Fri Oct 28 09:29:31 EDT 2016
It is important to bear in mind where the code is being run - if this is something running on a researcher’s own system, they almost certainly have lots of other ways of messing it up. These kind of security vulnerabilities are normally only relevant when you are running code that came from somewhere else.
That being said, this use case sounds like it could work with the Jupyter notebook. If you want something that is like typing code into a .py file but evaluated at run time instead, why not just use an interactive Python REPL instead of eval(input()).
Ben
> On 27 Oct 2016, at 17:52, Benjamin Root <ben.v.root at gmail.com> wrote:
>
> "only be used by engineers/scientists for research"
>
> Famous last words. I know plenty of scientists who would love to "do research" with an exposed eval(). Full disclosure, I personally added a security hole into matplotlib thinking I covered all my bases in protecting an eval() statement.
>
> Ben Root
>
> On Thu, Oct 27, 2016 at 4:21 PM, djxvillain <djxvillain at gmail.com <mailto:djxvillain at gmail.com>> wrote:
> This will not be a public product and will only be used by other
> engineers/scientists for research. I don't think security should be a huge
> issue, but I appreciate your input and concern for the quality of my code.
>
>
>
> --
> View this message in context: http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665p43670.html <http://numpy-discussion.10968.n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665p43670.html>
> Sent from the Numpy-discussion mailing list archive at Nabble.com.
> _______________________________________________
> NumPy-Discussion mailing list
> NumPy-Discussion at scipy.org <mailto:NumPy-Discussion at scipy.org>
> https://mail.scipy.org/mailman/listinfo/numpy-discussion <https://mail.scipy.org/mailman/listinfo/numpy-discussion>
>
> _______________________________________________
> NumPy-Discussion mailing list
> NumPy-Discussion at scipy.org
> https://mail.scipy.org/mailman/listinfo/numpy-discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/numpy-discussion/attachments/20161028/91b863e8/attachment.html>
More information about the NumPy-Discussion
mailing list