[Zope] Re: Need to use eval()?
Chris Withers
chrisw@nipltd.com
Mon, 17 Dec 2001 13:07:18 +0000
Think about it, you slip up with permissions and all of a sudden someone can
quite happily do:
http://yoursite.com/ealExp?pExp=import os; os.system('rm -rf /')
(with a bit of URL encoding ;-)
cheers,
Chris
Josef Meile wrote:
>
> I would like to know what the risks are because I haven't found information
> about it.
> Thanks.
>
> > Wow... where are your servers? I love playing with potentially huge
> security
> > holes ;-)
> >
> > Chris