Untrusted code execution
Jon Ribbens
jon+usenet at unequivocal.co.uk
Tue Apr 5 15:14:00 EDT 2016
On 2016-04-05, Jon Ribbens <jon+usenet at unequivocal.co.uk> wrote:
> On 2016-04-05, Chris Angelico <rosuav at gmail.com> wrote:
>> Your code is a *lot* safer for using 'eval' rather than 'exec'.
>> Otherwise, you'd be easily exploited using exceptions, which carry a
>> ton of info.
>
> ... but all in attributes that don't start with "_", as far as I can see.
Sorry, obviously I meant "that *do* start with '_'".
More information about the Python-list
mailing list