[Tutor] Invalid Token Problem

Alan Gauld alan.gauld at btinternet.com
Fri Jul 20 09:25:54 CEST 2012


On 20/07/12 02:01, Ross Wilson wrote:

> More specifically, eval() is dangerous if you try to evaluate a string
> supplied by someone else.  You really can't predict what will happen.

It really doesn't matter who provides the string, Python and eval() 
don't care. They will behave just as dangerously if you provide the 
wrong string.

And that's the problem because even if you think the string you are 
feeding eval() is safe, it only needs a small typo to occasionally
turn it into something not safe - and just once is enough to be painful.

So while eval() introduces security issues where other people try to 
maliciously damage your code, eval() is dangerous even in "normal" use
because it has the potential to do damage.

Think of eval() as being like an old-fashioned scythe for cutting hay. A 
scythe is dangerous: used wrongly, it can cut off your foot. Used 
correctly it won't. But no matter how long you have been using a
scythe it remains dangerous and you forget that at your peril!

-- 
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
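The contrast Alan draws above, as an added example that is not part of this post or the thread: the same handful of constructed strings are fed to `ast.literal_eval`, which only accepts Python literal syntax, and to `eval`, which runs any expression. The mistyped dict with a stray bracket fails under both, but the string that happens to be a function call is rejected by `literal_eval` and executed by `eval`. The sample strings and the helper names `parse_literal`, `parse_with_eval` and `compare` are assumptions made for this illustration.

```python
import ast

# Constructed sample strings. The first two are the kind of data a program
# might legitimately want to turn back into Python objects; the third is a
# one-character typo away from the second; the last is an expression that
# calls a function rather than describing a value.
SAMPLES = [
    "[1, 2, 3]",
    "{'name': 'alice', 'age': 30}",
    "{'name': 'alice', 'age': 30}]",   # stray bracket: a syntax error
    "len('abc')",                       # a function call, not a literal
]


def parse_literal(text):
    """Parse with ast.literal_eval, which accepts only literal syntax
    (numbers, strings, tuples, lists, dicts, sets, booleans, None) and
    refuses names, calls and attribute access with ValueError.

    Returns ("ok", value) or ("rejected", exception_name).
    """
    try:
        return ("ok", ast.literal_eval(text))
    except (ValueError, SyntaxError) as exc:
        return ("rejected", type(exc).__name__)


def parse_with_eval(text):
    """The unsafe counterpart: eval() executes whatever expression it is
    given. Included only to contrast behaviour on the constructed samples;
    the point of the post is that it should not see untrusted strings.
    """
    try:
        return ("ok", eval(text))
    except SyntaxError as exc:
        return ("rejected", type(exc).__name__)


def compare(samples=SAMPLES):
    """Run both parsers over the samples and return the side-by-side results."""
    return [(s, parse_literal(s), parse_with_eval(s)) for s in samples]


if __name__ == "__main__":
    for text, literal_result, eval_result in compare():
        print(f"{text!r:40} literal_eval={literal_result} eval={eval_result}")
```

Running it shows that the well-formed list and dict come back as the same objects from both, the typo is refused by both with a SyntaxError, and `len('abc')` is refused by `literal_eval` but evaluated to 3 by `eval`; that last row is the reason to reach for `ast.literal_eval` whenever the goal is merely to turn a string back into data.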