[Tutor] Runs in IDLE with F5, but not in Windows Command Prompt
boB Stepp
robertvstepp at gmail.com
Thu Apr 25 14:29:04 CEST 2013
Hi Danny,
>
> [The following note is Python 2.0 specific. In Python 3, input() is
> semantically different, and safe.]
>
> If you are using Python 2.0, don't use the input() function here to
> read strings. It is not safe: backing it is an implicit eval(), and
> eval() is dangerous, especially for beginners who won't have the
> background to understand the security implications.
>
> Example: if you enter in the following strange-looking input:
>
> (lambda x: x(x))(lambda x:x(x))
>
> then this will crash your program due to a stack overflow. And this
> is relatively safe compared to the other craziness you can enter into
> input(). This is exactly why tutorials (and most Python programs in
> general) should _not_ use input(): it's dangerous in the wrong hands.
>
> Rather, use raw_input() instead.
>
My intent is to use Python 3.3. I was aware that if I were using 2.x,
I should be using raw_input(); however, I was not aware of any
security implications. Thank you for that info!
boB
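
Added example, not part of the original thread: a Python 3 sketch of the difference described in the quoted note, emulating Python 2's input() as eval() applied to the typed text. The function names and sample lines are constructed for illustration, and ast.literal_eval is an assumption of this example (the thread does not mention it), shown as one way to read literal values as data.

```python
import ast

# Constructed sample lines a user might type at a prompt.
SAMPLES = ["42", "2**10", "(lambda x: x(x))(lambda x: x(x))"]

def py2_style_input(typed):
    """Emulate Python 2's input(): the typed text is evaluated as an expression."""
    return eval(typed)

def text_input(typed):
    """raw_input() in Python 2 / input() in Python 3: the text comes back unchanged."""
    return typed

def literal_input(typed):
    """Accept only Python literals (numbers, strings, lists, ...); reject the rest."""
    try:
        return ast.literal_eval(typed)
    except (ValueError, SyntaxError):
        raise ValueError("not a literal: %r" % typed)

def outcome(reader, typed):
    """Run one reader on one line and describe the result without crashing."""
    try:
        return repr(reader(typed))
    except RecursionError:
        # In Python 3 the runaway recursion surfaces as RecursionError.
        return "RecursionError"
    except ValueError:
        return "rejected"

if __name__ == "__main__":
    for line in SAMPLES:
        for reader in (py2_style_input, text_input, literal_input):
            print("%-16s %-36r -> %s" % (reader.__name__, line, outcome(reader, line)))
```

Only the eval-backed reader runs what was typed: it computes 2**10 and recurses on the lambda line, while the other two readers hand back the text or reject it.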