Use eval() safely?
Steven D'Aprano
steven at REMOVE.THIS.cybersource.com.au
Tue Feb 23 02:08:30 EST 2010
On Mon, 22 Feb 2010 11:45:10 -0800, Jonathan Gardner wrote:

> Why would you ever run untrusted code on any machine in any language,
> let alone Python?

Because sometimes you have to run untrusted code, so you want to run it
in a sandbox so it can't eat your machine.

E.g. viewing PDF files.

Or you might be building an app that allows the user to enter code and
execute it:

http://tryruby.org/

> If you're writing a web app, make it so that you only run trusted code.
> That is, code installed by the admin, or approved by the admin.

But do you trust the admin? Do you think your admin has audited the
entire tool chain of every application, library and operating system
module in your system?
--
Steven