<br><br><div><span class="gmail_quote">On 4/10/07, <b class="gmail_sendername">Greg Ewing</b> <<a href="mailto:firstname.lastname@example.org">email@example.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Phillip J. Eby wrote:<br><br>> The __subclasses__ method is useful -- even more so in 3.x than in 2.x,<br>> because in 3.x there are no classic classes.<br><br>For security purposes, I think it would be better to<br>
adopt a principle that it shouldn't be possible to<br>do anything dangerous merely by instantiating a<br>class (e.g. open() opens files, but file() doesn't).<br>Then __subclasses__ would be harmless.</blockquote><div>
<br><br>True. As long as you don't use class attributes or have dangerous default arguments (and that is the kicker usually) then that policy is doable.<br><br>And I should clarify that the method does not need to disappear as it can move to an extension module somewhere. I just don't want it exposed right off of object and thus in the built-in namespace.