eval vs. exec
holger krekel
pyth at devel.trillke.net
Tue May 28 04:30:15 EDT 2002
Delaney, Timothy wrote:
> > If your strings are coming from a public web-application
> > it's a different matter, of course. But not everything is
> > a web-application.
>
> In the particular case we are talking about, the strings are coming from an
> external source - maybe not a public web application, but external
> nonetheless.
>
> There is always a tradeoff of convenience vs security. Security is not just
> malicious - it's also about accidents. A classic case is teaching. Students
> tend to make more mistakes than professionals. It is very important to limit
> the amount of damage they can do. A large part of this is giving them an
> environment which is "safe" - limited disk quotas and privilege levels. If
> they *cannot* cause damage, no matter what they do, then by all means give
> them unlimited eval/exec access. Just don't be surprised when you find
> someone accidentally DOSing your mission-critical server because you forgot
> to unplug the student server from the network.
This reminds me of an accident on the german stock market last year.
The all important DAX index dropped by IIRC 16% in a few minutes.
They had a 'teaching' system which the students could use
for practicing buying/selling stocks. It turned out that this teaching
system was connected to the real thing and someone had just ordered
5,000,000 stocks...
Couldn't have been prevented by better exec/eval-handling, I guess :-)
Seriously, I don't think we have much of a disagreement:
If you are working on anything remotely mission critical,
take care of (and probably avoid) execing/evaling stuff.
Otherwise it's still good practice but maybe not worth it.
regards,
holger
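To make the "take care of (and probably avoid) execing/evaling stuff" advice concrete, here is an added example that is not part of the original post or of any project it discusses. It puts the risky pattern (eval() on a string from an external source) beside a hardened replacement built on ast.literal_eval() plus explicit validation, and it also shows the caveat practitioners tend to trip over: an eval() with builtins stripped out is not a sandbox, because attribute access alone still reaches classes the caller never handed in. The order format, the MAX_QTY limit and the sample inputs are constructed for the demonstration and are assumptions, not anything from the thread.

```python
"""Added example: eval() on external text versus ast.literal_eval() plus
validation. The order format, MAX_QTY and all sample strings below are
constructed for this demonstration (assumptions, not from the original post)."""
import ast

MAX_QTY = 10_000  # assumed policy limit for a practice/teaching system

# Records whether text handed to eval() managed to run code of its own.
SIDE_EFFECTS = []

# Constructed hostile input: syntactically a plain expression, and it even
# yields a well-formed order at the end, but under eval() it first executes
# a call. The call is deliberately harmless here (it only appends to a list);
# with eval() it could just as well have been __import__('os').system(...).
HOSTILE_INPUT = (
    "SIDE_EFFECTS.append('eval executed attacker code') "
    "or {'symbol': 'DAX', 'qty': 1}"
)


def unsafe_parse(text):
    """The risky pattern: eval() on text that came from outside."""
    return eval(text)


def restricted_eval_is_not_a_sandbox():
    """Stripping __builtins__ does not confine eval(): attribute walks from a
    literal still reach every class in the process, including ones defined in
    modules the caller never passed in. Returns True if such a class is found."""
    subs = eval("().__class__.__base__.__subclasses__()", {"__builtins__": {}})
    return any(cls.__module__ != "builtins" for cls in subs)


def safe_parse(text):
    """Accept only Python literals (numbers, strings, tuples, lists, dicts,
    sets, booleans, None). Names, calls, operators and attribute access are
    rejected, so the text cannot run code. Returns None on anything else."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return None


def parse_order(text):
    """Parse an order and enforce the shape and limits the application expects.
    Returns (symbol, qty) or None. Parsing safely is only half the job; the
    value range is where the '5,000,000 shares' accident would be caught."""
    data = safe_parse(text)
    if not isinstance(data, dict):
        return None
    symbol, qty = data.get("symbol"), data.get("qty")
    if not isinstance(symbol, str) or not symbol.isalnum():
        return None
    # bool is a subclass of int in Python; reject True/False explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int):
        return None
    if not 0 < qty <= MAX_QTY:
        return None
    return symbol, qty


if __name__ == "__main__":
    print("eval() result:", unsafe_parse(HOSTILE_INPUT), "side effects:", SIDE_EFFECTS)
    print("restricted eval escapes builtins:", restricted_eval_is_not_a_sandbox())
    print("literal_eval on hostile input:", safe_parse(HOSTILE_INPUT))
    for order in ("{'symbol': 'DAX', 'qty': 500}",
                  "{'symbol': 'DAX', 'qty': 5000000}",
                  HOSTILE_INPUT):
        print(repr(order[:40]), "->", parse_order(order))
```

The point of the pair is that the hostile string is accepted by eval() and even returns a plausible-looking order after its side effect has run, while ast.literal_eval() refuses it outright; the separate range check is what turns "cannot run code" into "cannot do damage", which is the property the thread is actually after.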