"a better input"
Gareth McCaughan
Gareth.McCaughan at pobox.com
Thu May 9 17:07:29 EDT 2002
Steve Holden wrote:
[I said:]
> > I don't actually mind if an input() replacement evaluates 2+3.
> > I do mind if it is able to do arbitrary computation, where
> > "arbitrary" is fuzzily defined to cover things like
> >
> > 1 anything that could take a large amount of time or
> > memory to compute;
> >
> > (rationale: we don't want to facilitate DoS attacks;
> > users will find it counterintuitive if what they think
> > of as reading a value can consume unbounded resources.)
>
> So, for example, 2**100 is OK, but 2**10000000 is right out?
Er, no. ** should be right out because 2**10000000 should be.
I'm not proposing that input() should have the semantics
"any expression that can be evaluated safely is OK", but
that there should be some simpler set of rules that has that
as a consequence. If there is no reasonably simple such set
of rules, then the idea is unworkable.
--
Gareth McCaughan Gareth.McCaughan at pobox.com
.sig under construc
More information about the Python-list
mailing list