Python as network protocol

Grant Edwards invalid at invalid.invalid
Tue Nov 10 17:50:43 CET 2009


On 2009-11-10, Steven D'Aprano <steve at REMOVE-THIS-cybersource.com.au> wrote:
> On Tue, 10 Nov 2009 16:31:13 +0100, Daniel Fetchinson wrote about using 
> exec:
>
>>> This is a *really* bad idea.
>> 
>> How do you know for sure? Maybe the OP wants to use this thing
>> with 3 known researchers working on a cluster that is not even
>> visible to the outside world.

And those three researchers are perfect?  They've never even
made a typographical error?

>> In such a setup the model the OP suggested is a perfectly
>> reasonable one. I say this because I often work in such an
>> environment and security is never an issue for us. And I find
>> it always amusing that whenever I outline our code to a
>> non-scientist programmer they always run away in shock and
>> never talk to us again 
>
> You might be a great scientist, but perhaps you should pay
> attention to the experts on programming who tell you that this
> is opening a potential security hole in your system.
>
> No, it's not a "perfectly reasonable" tactic. It's a risky
> tactic that only works because the environment you use it in
> is so limited and the users so trusted.

Even then it only works until a trusted user makes a mistake
and types the wrong thing. A stupid mistake can do just as much
damage as an evil mastermind.

-- 
Grant Edwards                   grante             Yow! Is this an out-take
                                  at               from the "BRADY BUNCH"?
                               visi.com            
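Added example, not part of the original message or thread: the slip described above, run once through an `exec`-based handler and once through a data-only handler that accepts JSON and dispatches to an allow-list. The job queue, the command names and the functions `handle_exec` and `handle_message` are hypothetical, constructed for illustration.

```python
import json

# Hypothetical, constructed state: a small job queue on the private cluster.
def new_state():
    return {"jobs": {"run1": "queued", "run2": "running", "run3": "queued"}}

def handle_exec(state, message):
    # The pattern under discussion: the received message *is* Python source.
    exec(message, {"jobs": state["jobs"]})

def _cancel(state, job):
    state["jobs"][job] = "cancelled"
    return "cancelled"

def _status(state, job):
    return state["jobs"][job]

# The only operations a message can trigger (assumed command set).
COMMANDS = {"cancel": _cancel, "status": _status}

def handle_message(state, message):
    # Data-only protocol: parse JSON, validate, dispatch to the allow-list.
    try:
        req = json.loads(message)
        cmd, job = req["cmd"], req["job"]
    except (ValueError, KeyError, TypeError) as exc:
        return {"ok": False, "error": f"malformed request: {exc}"}
    if not isinstance(cmd, str) or not isinstance(job, str):
        return {"ok": False, "error": "malformed request: wrong field type"}
    if cmd not in COMMANDS:
        return {"ok": False, "error": "unknown command"}
    if job not in state["jobs"]:
        return {"ok": False, "error": f"unknown job {job!r}"}
    return {"ok": True, "result": COMMANDS[cmd](state, job)}

if __name__ == "__main__":
    a = new_state()
    handle_exec(a, "jobs.clear()")   # honest slip: meant jobs.pop("run1")
    print("exec handler, after slip:", a)

    b = new_state()
    # Same kind of slip in the data-only protocol: a mistyped job id.
    print("allow-list handler:", handle_message(b, '{"cmd": "cancel", "job": "run11"}'))
    print("state unchanged:", b == new_state())
```
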


