Use eval() safely?

Steven D'Aprano steven at REMOVE.THIS.cybersource.com.au
Tue Feb 23 08:08:30 CET 2010


On Mon, 22 Feb 2010 11:45:10 -0800, Jonathan Gardner wrote:

> Why would you ever run untrusted code on any machine in any language,
> let alone Python?

Because sometimes you have to run untrusted code, so you want to run it 
in a sandbox so it can't eat your machine.

E.g. viewing PDF files.

Or you might be building an app that allows the user to enter code and 
execute it:

http://tryruby.org/



> If you're writing a web app, make it so that you only run trusted code.
> That is, code installed by the admin, or approved by the admin.

But do you trust the admin? Do you think your admin has audited the 
entire tool chain of every application, library and operating system 
module in your system?



-- 
Steven



More information about the Python-list mailing list