[Tutor] using sockets to send a list

Abel Daniel abli@freemail.hu
Sat Feb 22 02:50:03 2003


Don Arnold (darnold02@sprynet.com) wrote:
> I don't know much (if anything) about sockets, but if you can send strings,
> this might work (though it is kludgy):
It's not only kludgy, but extremely dangerous, too.
> 
> 1. Use the str() built in function to convert your data into a string
> 2. Send the string to the client
> 3. Receive the string on the client side into a buffer
> 4. Use exec() with string formatting to load the buffer back into a
> variable.
Two problems:
There is no guarantee that exec-ing the result of str() will give back
the original object. It might work for basic types (like lists, dicts),
but it won't work in cases like this:
>>> class foo:
...  pass
... 
>>> f=foo()
>>> f
<__main__.foo instance at 0x8111be4>
>>> str(f)
'<__main__.foo instance at 0x8111be4>'
>>> 
If you exec that, you will get a string and not an instance of foo.

The second problem is the basic problem with using exec. Like what
happens if the string you get is "42; print 'you are h4xOr3d!!'" ?
>>> s="42; print 'you are h4xOr3d!!'"
>>> exec('b = %s' % s)
you are h4xOr3d!!
>>>

Replacing the print statement with something truly destructive is left
as an exercise to the reader.
I might trust you (and your server) enough to play a game, but I
seriously doubt I would trust you enough to let you execute arbitrary
commands on my computer.

I would use pickle instead.

abli
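
Added example, not part of the original message: one way to send the list without exec, using length-prefixed JSON (a data-only format, unlike pickle, whose loader can also run code from untrusted input) plus `ast.literal_eval` for str() output of basic types. It is Python 3; the function names, `MAX_MSG` and the sample list are assumptions made for this example.

```python
import ast
import json
import socket
import struct

MAX_MSG = 1 << 20  # assumed cap on one message, in bytes


def send_obj(sock, obj):
    """Send obj as JSON behind a 4-byte big-endian length prefix."""
    payload = json.dumps(obj).encode("utf-8")
    sock.sendall(struct.pack("!I", len(payload)) + payload)


def _recv_exact(sock, n):
    """Read exactly n bytes; a single recv() may return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf.extend(chunk)
    return bytes(buf)


def recv_obj(sock):
    """Receive one framed JSON message; decoding it never runs code."""
    (length,) = struct.unpack("!I", _recv_exact(sock, 4))
    if length > MAX_MSG:
        raise ValueError("message too large")
    return json.loads(_recv_exact(sock, length).decode("utf-8"))


def parse_literal(text):
    """Parse str() output of basic types only; anything else is an error."""
    try:
        return ast.literal_eval(text)
    except SyntaxError as exc:
        raise ValueError("not a plain literal") from exc


def demo():
    a, b = socket.socketpair()  # constructed stand-in for server and client
    with a, b:
        send_obj(a, [1, "two", [3.0, None]])
        return recv_obj(b)
```

Calling `demo()` returns the list unchanged, while `parse_literal()` raises `ValueError` both for the `42; print ...` string and for the `<__main__.foo instance at ...>` text from the session above.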