need fast parser for comma/space delimited numbers

Moshe Zadka moshez at math.huji.ac.il
Sun Mar 19 01:05:03 EST 2000


On 18 Mar 2000, Bernhard Herzog wrote:

<about eval>
> It is, of course a gaping security hole unless you use rexec.

Sorry to pick on you (I do admire you for Sketch) but this is a common
myth, which is totally untrue. Think about a random program, say, hmmm...
Sketch. I run it from my account. Now say Sketch wants to let me execute
some random Python code -- how is it a security hole? If I wanted to
delete my file system, I'd do it myself. I don't need Sketch so I
can type into it __import__("shutil").rmtree('/'), no, I can just rm -rf
myself.

Now, most Python programs (certainly most scientific Python programs) are
not run as CGIs and the like, but rather by the user who wants them to
run. So, using eval/exec without rexec is perfectly all right from a
security POV.

The only problem is that you're executing random Python code, which means
you won't be able to understand bug-reports. But that's a reason to use
eval/exec with the optional dictionaries, not for rexec.

My minor rant for today.

Keep Sketching!
--
Moshe Zadka <mzadka at geocities.com>. 
http://www.oreilly.com/news/prescod_0300.html
http://www.linux.org.il -- we put the penguin in .com
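Added example (not code from the post or from Sketch): the two approaches the thread touches on, side by side. `parse_numbers` handles the subject line's actual task, a line of comma/space delimited numbers, without evaluating anything. `eval_formula` is the "eval with the optional dictionaries" pattern the post recommends: the expression sees only the names handed to it, and `referenced_names` (a hypothetical helper built on the compiled code object's `co_names`) rejects unknown names before evaluation, so a failing formula can be reproduced from the expression and its variables alone. As the post itself says, the dictionaries serve debuggability, not protection against hostile input; the function and variable names here are constructed for the example.

```python
import math

# Constructed sample input: one line of comma/space delimited numbers.
SAMPLE_LINE = "1.5, 2 3.25,4e2  -7"


def parse_numbers(line):
    """Parse comma/space delimited numbers without eval.

    Commas are normalised to spaces, the line is split on whitespace, and
    each token goes through float(). Malformed tokens raise ValueError
    instead of being executed as code.
    """
    return [float(tok) for tok in line.replace(",", " ").split()]


def referenced_names(expr):
    """Return the names an expression looks up when evaluated.

    compile() in 'eval' mode exposes them on the code object as co_names
    (attribute names land there too), so the check costs no evaluation.
    """
    return set(compile(expr, "<formula>", "eval").co_names)


# Fixed namespace for user formulas: a handful of math helpers and nothing else.
ALLOWED_HELPERS = {
    "abs": abs,
    "min": min,
    "max": max,
    "sqrt": math.sqrt,
    "pi": math.pi,
}


def eval_formula(expr, variables):
    """Evaluate a user formula with explicit globals, the pattern from the post.

    The globals dict lists exactly the names the formula may reference;
    __builtins__ is set to an empty mapping so the default builtins are not
    silently added. Unknown names are reported up front as NameError, which
    keeps bug reports reproducible from (expr, variables).
    """
    namespace = {"__builtins__": {}}
    namespace.update(ALLOWED_HELPERS)
    namespace.update(variables)
    unknown = referenced_names(expr) - set(namespace)
    if unknown:
        raise NameError("formula references unknown names: %s" % sorted(unknown))
    return eval(expr, namespace)


if __name__ == "__main__":
    print(parse_numbers(SAMPLE_LINE))
    print(eval_formula("sqrt(x*x + y*y)", {"x": 3.0, "y": 4.0}))
```

For the number-parsing task the first function is all that is needed; `eval_formula` is for the separate case where the user genuinely supplies an expression, and its namespace is what you attach to a bug report.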
