Simple and safe evaluator

bvdp bob at mellowood.ca
Thu Jun 12 21:31:35 CEST 2008


George Sakkis wrote:

> You probably missed the point in the posted examples. A malicious user
> doesn't need to modify your program code to have access to far more
> than you would hope, just devise an appropriate string s and pass it
> to your "safe" eval.

Oppps, I did miss the point. I was assuming that the modifying stuff was 
being done before the call to the eval(). I was wrong.

I'll have to get the ast based code incorporated into my code and just 
use it. Darn, but it seems that each and every time one sees a simple 
solution to a simple problem ... :)

Thanks.




More information about the Python-list mailing list