Constructing an if statement from the client data in python
Terry Reedy
tjreedy at udel.edu
Tue Apr 13 13:58:00 EDT 2010
On 4/13/2010 11:56 AM, Vishal Rana wrote:
> Hi,
>
> I need to construct an if statement from the data coming from the client
> as below:
>
> conditions: condition1, condition2, condition3, condition4 logical
> operators: lo1, lo2, lo3 (Possible values: "and" "or")
>
> Eg.
>
> |if condition1 lo1 condition2 lo3 condition4:
>
> # Do something
>
> |
>
> I can think of eval/exec but not sure how safe they are! Any better
> approach or alternative? Appreciate your responses :)
>
> PS: Client-side: Flex, Server-side: Python, over internet
Unless Python on the server is properly sandboxed (not easy), this is
not safe. Consider 'conditions' like
10000**10000
__import__('subprocess').Popen(['format', 'C:']) # don't test this !!!
I may not have the latter exactly correct but you should get the idea.
So sandboxing requires OS supervision and limitation of time and space
consumption as well as removal from Python of dangerous builtins and
modules.
Terry Jan Reedy
More information about the Python-list
mailing list