[Tutor] executing a string representing python code

Cecilia Alm ebbaalm at uiuc.edu
Tue Mar 6 22:39:05 CET 2007


Thanks, Alan. I really appreciate the discussion.

--C

2007/3/6, ALAN GAULD <alan.gauld at btinternet.com>:
>
> > Hm, I'm not sure I see your point. Could an evil hacker not just
> > as easily change the dictionary in the python code
> > (or somewhere else in the code) to perform such evil operations?
>
> If they have access to the source code you are right of course.
> But typically the source will be in a secure folder somewhere
> whereas the 'data' files will be more public. In the kind of applications
> that need to do this it tends to be the nature of the beast that the
> data files are either hand crafted by someone other than the original
> programmer (after all he/she would just write code, it's far easier!)
> or they are auto generated from a database or from web input.
>
> So if the data files and source code are both well protected then
> there is no problem. If both are publicly available then there's a
> problem either way but in the common scenario where the data
> files are 'public' and the source is hidden/secured then we have
> the problem I described.
>
> Hope that clarifies things,
>
> Alan G.
>



-- 
E. Cecilia Alm
Graduate student, Dept. of Linguistics, UIUC
Office: 2013 Beckman Institute
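
The trust boundary Alan describes (protected source, more public data files), as an added example that is not part of the original thread: instead of executing each data-file line as Python, the program looks the operation up in a dictionary that lives in the source and parses arguments as literals only. The line format, the function names and the sample data are assumptions made for illustration.

```python
import ast

# Operations fixed in the protected source; the data file may only name them.
def greet(name):
    return f"hello {name}"

def total(*nums):
    return sum(nums)

ALLOWED = {"greet": greet, "total": total}

def run_line(line):
    """Run one 'operation arg, arg, ...' line taken from an untrusted data file."""
    name, _, rest = line.strip().partition(" ")
    if name not in ALLOWED:
        raise ValueError(f"operation not allowed: {name!r}")
    # literal_eval accepts only literals (strings, numbers, tuples, ...),
    # so a call or attribute lookup in the arguments is refused, not run.
    args = ast.literal_eval(f"({rest},)") if rest.strip() else ()
    return ALLOWED[name](*args)

def process(text):
    """Return (results, rejected) for every non-blank line of the data file."""
    results, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            results.append(run_line(line))
        except (ValueError, SyntaxError, TypeError) as exc:
            rejected.append((line, str(exc)))
    return results, rejected

# Constructed sample data file: two expected lines, two tampered ones.
SAMPLE = """\
greet 'Cecilia'
total 1, 2, 3
__import__('os').getcwd()
total __import__('os').getcwd()
"""

if __name__ == "__main__":
    ok, bad = process(SAMPLE)
    print(ok)
    for line, why in bad:
        print("rejected:", line, "->", why)
```

Someone who can edit only the data file can choose among the operations in `ALLOWED` and supply literal arguments, nothing more; changing what those operations do still requires write access to the source.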

