text adventure game module for Python
Andreas Kostyrka
andreas at kostyrka.priv.at
Tue Jul 30 02:18:13 EDT 2002
Am Sam, 2002-07-20 um 10.22 schrieb Michael Bauers:
> I understand a concern like that actually.
>
> I am not sure what a system like I am developing could do to avoid it
> however.
Well, it's trivial. There three categories of people here:
1) you; (makes the game module)
2) game writer; (makes a game)
3) player.
Now 1+2 always can sabotage the system. But with the exec string, the
player can do it also. Now you still can say the user could have done it
anyway without starting a game. But consider say a web version. In this
case some anonymous web user might execute arbitraty commands. not nice.
Basically, instead of exec you should use rather something like this:
objstr # is the object name as a string.
obj=getattr(allobjects,objstr)
# or:
obj=globals()[objstr]
In a further consideration you might ask yourself why you do exec at
all?
Why do you not define something like this:
obj # is our object
verb # is the verbstr
cmd=getattr(obj,"cmd_"+verb,None)
if cmd:
cmd(verb,obj,....)
else:
output("I do not know how to do this.")
This way every object can define which actions are sensible on it, and
you can use inheritence to provide the implementation. (Just make mixin
classes, and then define some classes like this:)
class Bottle(Dropable,Drinkable,Throwable,Physical,...):
pass
objs.add(Bottle("blue bottle",location=redSalon)
> Someone creating code for this system could do the same thing manually from
> within their program whenever they wated to however. I do not see how the
> environment I am creating makes it any easier for malicious code.
It's about the game players, not the author. :)
Andreas
More information about the Python-list
mailing list