Converting hex string to an integer
mwh at python.net
Fri Aug 27 14:20:03 CEST 2004
Peter Hansen <peter at engcorp.com> writes:
> Rick Holbert wrote:
> > Derek Fountain wrote:
> >>Given the character string "0x00A1B2C3" arriving at sys.argv how do I
> >>convert that to an integer which I can do some math on?
> > i = eval(sys.argv)
> That's dangerous advice to a newbie if not qualified carefully.
> Derek, "eval" could be the source of serious security problems
> if you don't understand its power. Specifically it should
> almost never be used for input that comes from a user or
> via the command line. There is pretty much always another
> and much better way to do the simple stuff like conversions
> than to use eval.
> For example, imagine if a malicious user could feed your program this:
> (on the Linux command line)
> $ myscript "__import_('os').system('rm -rf /')"
Well, in this situation, he could just type
$ rm -rf /
I'm not particularly fond of singing GSTQ because she stands for
some things I don't, but it's not really worth letting politics
get in the way of a good bawling. -- Dan Sheppard, ucam.chat
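The "much better way" the quoted reply refers to, as an added example that is not part of the original thread: converting the argument with int() behind a strict pattern, so the string is only ever parsed as a number and never evaluated. The names parse_int_arg, try_parse and max_bits, and the sample strings, are assumptions made for illustration.

```python
import re
import sys

# Strict grammar: optional sign, then hex (0x), octal (0o), binary (0b) or decimal.
# int() on its own is laxer (it also accepts surrounding whitespace and "_"
# separators), so the pattern is checked first. \Z rejects a trailing newline.
_INT_RE = re.compile(r"([+-]?)(0[xX][0-9a-fA-F]+|0[oO][0-7]+|0[bB][01]+|[0-9]+)\Z")


def parse_int_arg(text, max_bits=32):
    """Convert an untrusted string such as "0x00A1B2C3" to int without eval()."""
    if not isinstance(text, str) or len(text) > 80:
        raise ValueError("expected a short string")
    m = _INT_RE.match(text)
    if m is None:
        raise ValueError("not an integer literal: %r" % (text,))
    sign, digits = m.groups()
    if digits[:2].lower() in ("0x", "0o", "0b"):
        value = int(digits, 0)    # base taken from the prefix
    else:
        value = int(digits, 10)   # plain decimal, leading zeros tolerated
    if sign == "-":
        value = -value
    if abs(value) >= 1 << max_bits:
        raise ValueError("value does not fit in %d bits" % max_bits)
    return value


def try_parse(text):
    """Return the integer, or None when the input is rejected."""
    try:
        return parse_int_arg(text)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample inputs; the last one is an expression, not a number.
    samples = sys.argv[1:] or ["0x00A1B2C3", "-0x10", " 0x10", "0x_10",
                               "__import__('os').getcwd()"]
    for s in samples:
        print(repr(s), "->", try_parse(s))
```

Anything that is not a bare integer literal comes back as None instead of being executed, which is the property eval() cannot give.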