Turning String into Numerical Equation

Giovanni Bajo noway at sorry.com
Wed Mar 16 11:35:43 CET 2005


Michael Spencer wrote:

>> In fact, I believe my solution to be totally safe,
>
> That's a bold claim!  I'll readily concede that I can't access
> func_globals from restricted mode eval (others may know better).  But
> your interpreter is still be vulnerable to DOS-style attack from
> rogue calculations or quasi-infinite loops.


Yes, but I don't see your manually-rolled-up expression calculator being
DOS-safe. I believe DOS attacks to be a problem whenever you want to calculate
the result of an expression taken from the outside. What I was trying to show
is that my simple one-liner is no worse than a multi-page full-blown expression
parser and interpreter.
-- 
Giovanni Bajo





More information about the Python-list mailing list