Message1573
Logged In: YES
user_id=4771
Doing the type check in exec and execfile() but not in
eval() is not something that seems particularly useful to
me. Any program can be written as an expression in Python
if you are crazy enough to do that... So it doesn't offer
any extra security to be more strict in exec than in eval().
People who really want to do it would have to go through
incredible pain just to work around the type check.
For the implications, I believe it is sufficient (and
necessary) to carefully review all usages of f_locals
throughout the code, and document f_locals as no longer
necessary a dictionary for those extension writers that
would have used this fact. |
|
Date |
User |
Action |
Args |
2007-08-23 13:50:45 | admin | link | issue215126 messages |
2007-08-23 13:50:45 | admin | create | |
|