Yet another attempt at a safe eval() call

Michael Torrie torriem at gmail.com
Fri Jan 4 17:05:23 CET 2013


On 01/04/2013 08:53 AM, Grant Edwards wrote:
> That's obviously the "right" thing to do.  I suppose I should figure
> out how to use the ast module.  

Or PyParsing.

As for your program being "secure" I don't see that there's much to
exploit.  You're not running as a service, and you're not running your
assembler as root, called from a normal user.  The user has your code
and can "exploit" it anytime he wants.



More information about the Python-list mailing list