8 Feb 2008, 11:14 a.m.
Dieter Maurer wrote:
> It is easy to secure "eval":
>
>   globs = {'__builtins__':{}}
>   eval(s, globs, globs)
>
> This ensures that "eval" cannot use any builtin functions -- especially, it cannot import anything.

I'm fairly sure this isn't enough - google for the bugs in Python's rexec and Bastion modules which led to them being deprecated...

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
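
Added example, not part of either message in the thread: it runs the quoted empty-`__builtins__` namespace on Python 3 and shows that the name lookup for `__import__` fails while attribute access on a literal still succeeds, then applies a syntax allow-list before evaluating. The helper names (`restricted_eval`, `disallowed_nodes`, `guarded_eval`), the allow-list and the sample expressions are assumptions made for this illustration.

```python
import ast

def restricted_eval(s):
    # The namespace from the quoted message: no builtins are visible.
    globs = {'__builtins__': {}}
    return eval(s, globs, globs)

# Assumed allow-list for this example: numeric literals and basic arithmetic.
# ast.Load is only a context marker attached to other nodes.
_ALLOWED = (ast.Expression, ast.Constant, ast.BinOp, ast.UnaryOp, ast.Add,
            ast.Sub, ast.Mult, ast.Div, ast.Mod, ast.USub, ast.UAdd, ast.Load)

def disallowed_nodes(s):
    """Return the sorted names of syntax nodes in s outside the allow-list."""
    bad = set()
    for node in ast.walk(ast.parse(s, mode='eval')):
        if not isinstance(node, _ALLOWED):
            bad.add(type(node).__name__)
        elif isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            # Strings, bytes, etc. are rejected so only numbers get through.
            bad.add('Constant:' + type(node.value).__name__)
    return sorted(bad)

def guarded_eval(s):
    """Evaluate s only if every syntax node is on the allow-list."""
    bad = disallowed_nodes(s)
    if bad:
        raise ValueError('disallowed syntax: ' + ', '.join(bad))
    return restricted_eval(s)

if __name__ == '__main__':
    # Constructed sample inputs.
    for expr in ('1 + 2 * 3', "__import__('os')", '(1).__class__.__name__'):
        try:
            plain = repr(restricted_eval(expr))
        except Exception as exc:
            plain = type(exc).__name__
        print(expr, '| empty builtins:', plain,
              '| rejected nodes:', disallowed_nodes(expr))
```
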