Use eval() safely?
steven at REMOVE.THIS.cybersource.com.au
Tue Feb 23 08:08:30 CET 2010
On Mon, 22 Feb 2010 11:45:10 -0800, Jonathan Gardner wrote:
> Why would you ever run untrusted code on any machine in any language,
> let alone Python?
Because sometimes you have to run untrusted code, so you want to run it
in a sandbox so it can't eat your machine.
E.g. viewing PDF files.
Or you might be building an app that allows the user to enter code and
> If you're writing a web app, make it so that you only run trusted code.
> That is, code installed by the admin, or approved by the admin.
But do you trust the admin? Do you think your admin has audited the
entire tool chain of every application, library and operating system
module in your system?