Turning String into Numerical Equation
noway at sorry.com
Wed Mar 16 11:35:43 CET 2005
Michael Spencer wrote:
>> In fact, I believe my solution to be totally safe,
> That's a bold claim! I'll readily concede that I can't access
> func_globals from restricted mode eval (others may know better). But
> your interpreter is still vulnerable to DOS-style attack from
> rogue calculations or quasi-infinite loops.
Yes, but I don't see your manually-rolled-up expression calculator being
DOS-safe. I believe DOS attacks to be a problem whenever you want to calculate
the result of an expression taken from the outside. What I was trying to show
is that my simple one-liner is no worse than a multi-page full-blown expression
parser and interpreter.