[Tutor] eval use (directly by interpreter vs with in a script)

Ken G. beachkidken at gmail.com
Mon Nov 3 00:23:12 CET 2014

On 11/02/2014 04:49 PM, Danny Yoo wrote:
> Hi Alex,
> Just as a side note, someone has probably already told you something
> like this, but:  I would strongly recommend not to use Python's eval()
> or exec().  Those language features are dangerous.  Every eval() or
> exec() is a possible vector for injection attacks.  This week's
> injection attack of the week appears to be Drupal:
> https://www.drupal.org/PSA-2014-003, and it's certainly not going to
> be the last, but why should we encourage this?
> In the face of this, we have to admit to ourselves that these features
> are hard to use.  Beginners should certainly give those features a
> very wide berth.  I don't think it's crazy to say that community
> wisdom is to strongly discourage dynamic code evaluation features
> unless we have no other choice.
> Are you just exploring the features of Python, or is there a
> particular task you're trying to solve with eval or exec()?  Perhaps
> you can accomplish the same goal in another way?
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> To unsubscribe or change subscription options:
> https://mail.python.org/mailman/listinfo/tutor

I use exec to jump to another program within the
same directory, such as:


and let the program terminate there. Should I do
it differently or are you talking about a different


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20141102/052c9872/attachment.html>

More information about the Tutor mailing list