[Tutor] Python script engine
Andrew Wilkins
toodles@yifan.net
Fri, 19 Oct 2001 10:39:56 +0800
----- Original Message -----
From: "Glen Wheeler" <wheelege@tsn.cc>
To: <tutor@python.org>
Sent: Friday, October 19, 2001 9:19 AM
Subject: Re: [Tutor] Python script engine
>
>
> > Hello,
> > In my application I would like to allow users to add/use basic
> > python commands but I do not want users to change my code of
> > application directly.
> >
>
> Hi :) This sounds like you want to take raw_input then eval or exec
> it...but that can lead to problems like malicious users killing your
server,
> so why not take a different approach?
*nod*
Perhaps this is where Restricted Execution (module rexec) would come in
handy. I've never used it myself, but it restricts just what objects the
user has access to.
Andrew Kuchling has a HOWTO here: http://www.python.org/doc/howto/rexec/
Just some thoughts...HTH!
Andrew
>
> >
> > For example my program expects
> > telephone. number in format
> > +442076812563
> > but a user sometimes may want to
> > supply
> > 0044 207 681 2563
> > (please note a blank).
> > Then the user would need
> > to use STRING.JOIN Python function to get from the user's input
> > (0044 207 681 2563) the string that my program expects
> > (+442076812563)
> >
> > Does anyone have any idea how to do that?
> >
>
> Well, you could think about all the ways that a user can input your
string
> and then your program can format it itself. Like if there is a space in
the
> string, remove all the spaces. If somebody puts brackets in, then remove
> them. If there is no plus sign, add one. They aren't very difficult
> compared to the sort of checking you would have to do if you went with the
> user minupulating his/her own string...and the user doensn't need to know
> python either :)
>
> HTH,
> Glen
>
>
> _______________________________________________
> Tutor maillist - Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor
>