Message6971
Logged In: YES
user_id=31435
Why are people (Paul, Jeremy) concerned about eval'ing
strings? cPickle and pickle both check that they're
properly quoted, and this isn't sh or Perl: Python has
no "dynamic" gimmicks buried in string literals. All
eval'ing a string literal can do is produce a binary blob
via interpreting simple escape sequences. They're like C
strings this way -- maybe we'll run out of memory, but
that's it.
I would agree that Python should be refactored internally
to supply a clean function for changing string literals
into binary blobs, but that would be for clarity and
efficiency, not security.

Date | User | Action | Args
2007-08-23 13:56:49 | admin | link | issue471893 messages
2007-08-23 13:56:49 | admin | create |
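As an added example (not code from the tracker message above and not CPython's own pickle implementation), here is the kind of "clean function" the message suggests: it applies the same quoting check that pickle performs on a STRING opcode argument, then interprets the C-style escape sequences with codecs.escape_decode instead of eval, so the only possible result is a byte blob. The function name, the error messages and the sample inputs are assumptions constructed for this example.

```python
import codecs


def string_literal_to_bytes(arg: bytes) -> bytes:
    """Convert the quoted argument of a STRING-style opcode into raw bytes.

    Two steps, matching what the message describes:
      1. check that the argument is properly quoted (same quote char at
         both ends, one of ' or ");
      2. interpret simple escape sequences (\\n, \\xNN, \\\\, \\', ...) the
         way a C compiler would for a C string literal.
    No eval() is involved anywhere, so the argument is data, never code.
    (Added example; the name and messages are assumptions.)
    """
    if len(arg) < 2 or arg[0] != arg[-1] or arg[0] not in b"\"'":
        raise ValueError("STRING opcode argument must be quoted")
    body = arg[1:-1]
    # codecs.escape_decode turns backslash escapes into the bytes they denote;
    # it returns (decoded_bytes, number_of_input_bytes_consumed).
    data, _consumed = codecs.escape_decode(body)
    return data


def demo() -> dict:
    """Run the converter over a few constructed opcode arguments."""
    results = {}
    # Constructed well-formed arguments, as they would appear after the
    # opcode byte and before the trailing newline in a text-mode pickle.
    results["single"] = string_literal_to_bytes(b"'abc\\x00\\n'")
    results["double"] = string_literal_to_bytes(b'"tab\\there"')
    results["empty"] = string_literal_to_bytes(b"''")
    # Constructed malformed arguments: both must be rejected before any
    # escape processing happens.
    for bad in (b"abc", b"'abc\""):
        try:
            string_literal_to_bytes(bad)
        except ValueError as exc:
            results[bad] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Because escape decoding happens only after the quoting check, a value that is not a quoted literal is rejected outright; a value that is one can only ever decode to bytes, which is the point the message makes about eval on a string literal, achieved here without eval at all.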