[Zope] python script, from string to dictionary.
Chris Withers
chris at simplistix.co.uk
Fri Feb 8 06:14:40 EST 2008
Dieter Maurer wrote:
> It is easy to secure "eval":
>
> globs = {'__builtins__':{}}
> eval(s, globs, globs)
>
> This ensures that "eval" cannot use any builtin functions --
> especially, it cannot import anything.

I'm fairly sure this isn't enough - Google for the bugs in Python's
rexec and Bastion modules which led to them being deprecated...

cheers,

Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
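
Added example (not part of the original thread, and not code from either poster): the quoted empty-`__builtins__` eval next to a literal-only parser for the string-to-dictionary task in the subject line. It assumes a Python with `ast.literal_eval` in the standard library; the function names, the length cap and the sample strings are constructed for illustration.

```python
import ast


def restricted_eval(s):
    """The approach quoted in the thread: eval with an empty __builtins__."""
    globs = {'__builtins__': {}}
    return eval(s, globs, globs)


def parse_dict(s, max_len=10000):
    """Turn a string into a dict without evaluating it as code.

    ast.literal_eval accepts literal syntax only (strings, numbers, tuples,
    lists, dicts, sets, booleans, None). Names, calls and attribute access
    are rejected before anything runs. max_len is an assumed cap that keeps
    oversized or deeply nested input away from the parser.
    """
    if len(s) > max_len:
        raise ValueError("input too long")
    try:
        value = ast.literal_eval(s)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError("not a literal: %s" % exc) from None
    if not isinstance(value, dict):
        raise ValueError("expected a dict literal")
    return value


# Constructed sample inputs.
GOOD = "{'name': 'zope', 'ports': [8080, 8443]}"
# Benign probe: attribute access on a literal needs no builtin at all.
PROBE = "{'t': ''.__class__}"


def compare():
    """Run both inputs through both functions and report what happened."""
    out = {
        'restricted_good': restricted_eval(GOOD),
        # Still evaluated as an expression: the value is the str type object.
        'restricted_probe': restricted_eval(PROBE),
        'literal_good': parse_dict(GOOD),
    }
    try:
        parse_dict(PROBE)
        out['literal_probe'] = 'accepted'
    except ValueError:
        out['literal_probe'] = 'rejected'
    return out
```

The probe shows that emptying `__builtins__` removes names, not the ability to walk from a literal to its type, which is why the literal-only parser refuses it.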