Dynamic variable creation from string
Chris Angelico
rosuav at gmail.com
Fri Dec 9 07:08:23 EST 2011
On Fri, Dec 9, 2011 at 10:59 PM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> (4) If you think you can make exec safe with a prohibited list of
> dangerous strings, you probably can't.
If you think that it's even _possible_ to make exec safe with a
blacklist, I have a nice padded cell for you over here.
Security is NEVER achieved with blacklists, ONLY whitelists.
ChrisA
More information about the Python-list
mailing list