Turning String into Numerical Equation

Giovanni Bajo noway at sorry.com
Wed Mar 16 05:35:43 EST 2005


Michael Spencer wrote:

>> In fact, I believe my solution to be totally safe,
>
> That's a bold claim!  I'll readily concede that I can't access
> func_globals from restricted mode eval (others may know better).  But
> your interpreter is still vulnerable to DOS-style attack from
> rogue calculations or quasi-infinite loops.


Yes, but I don't see your manually-rolled-up expression calculator being
DOS-safe. I believe DOS attacks to be a problem whenever you want to calculate
the result of an expression taken from the outside. What I was trying to show
is that my simple one-liner is no worse than a multi-page full-blown expression
parser and interpreter.
-- 
Giovanni Bajo




