Thanks, Alan. I really appreciate the discussion.
--C
2007/3/6, ALAN GAULD <[EMAIL PROTECTED]>:
> Hm, I'm not sure I see your point. Could an evil hacker not just
> as easily change the dictionary in the python code
> (or somewhere else in the code) to perform such evil operations?
If they ha
> Hm, I'm not sure I see your point. Could an evil hacker not just
> as easily change the dictionary in the python code
> (or somewhere else in the code) to perform such evil operations?
If they have access to the source code you are right of course.
But typically the source will be in a secure
Cecilia Alm wrote:
> Hm, I'm not sure I see your point. Could an evil hacker not just as
> easily change the dictionary in the python code (or somewhere else in
> the code) to perform such evil operations?
Not too easily, if the code were distributed as .pycs. However, running
code you read in
Hm, I'm not sure I see your point. Could an evil hacker not just as easily
change the dictionary in the python code (or somewhere else in the code) to
perform such evil operations?
--C
2007/3/5, ALAN GAULD <[EMAIL PROTECTED]>:
> That's neat. When just the function call is the string,
> eval()
> That's neat. When just the function call is the string,
> eval() seems appropriate. (For example, if reading what
> function to call from a file.)
It's convenient but incredibly dangerous.
It's much better in that case to create a dictionary of allowed
(i.e. safe!) functions that can be read and
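The dictionary-of-allowed-functions approach Alan describes, as an added example (not code from any poster in this thread; written for Python 3). The names `ALLOWED`, `safe_call`, `run_all` and the sample lines are constructed for illustration, and the example goes one step beyond the dictionary lookup by also restricting arguments to literals.

```python
import ast

def addone(val):
    return val + 1

def some_func(val):
    return val

# Allow-list: the only names a call string read from a file may invoke.
ALLOWED = {"addone": addone, "some_func": some_func}

def safe_call(text):
    """Run 'name(literal, ...)' if name is allow-listed; never eval()s text."""
    try:
        node = ast.parse(text.strip(), mode="eval").body
    except SyntaxError as exc:
        raise ValueError("not a valid expression: %r" % text) from exc
    # Accept only a direct call to a bare name: no attributes, no keywords.
    if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)) or node.keywords:
        raise ValueError("only plain function calls are accepted")
    func = ALLOWED.get(node.func.id)
    if func is None:
        raise ValueError("function not allowed: %s" % node.func.id)
    try:
        args = [ast.literal_eval(a) for a in node.args]  # constants only
    except (ValueError, TypeError) as exc:
        raise ValueError("arguments must be literals") from exc
    return func(*args)

# Constructed sample input, as if read line by line from a file.
SAMPLE_LINES = [
    'addone(10)',
    'some_func("that\'s also pretty cool")',
    '__import__("os").getcwd()',  # attribute call: rejected
    'open("notes.txt")',          # name not in ALLOWED: rejected
    'addone(addone(1))',          # nested call is not a literal: rejected
]

def run_all(lines):
    results = []
    for line in lines:
        try:
            results.append(("ok", safe_call(line)))
        except ValueError as exc:
            results.append(("rejected", str(exc)))
    return results

if __name__ == "__main__":
    for line, res in zip(SAMPLE_LINES, run_all(SAMPLE_LINES)): print(line, "->", res)
```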
That's neat. When just the function call is the string, eval() seems
appropriate. (For example, if reading what function to call from a file.)
def some_func(val):
    return val

s = eval('some_func("that\'s also pretty cool")')
print(s)  # that's also pretty cool
At any rate, thanks for the response
"Cecilia Alm" <[EMAIL PROTECTED]> wrote
> Thanks, Adam. I guess the exec would be exec("some_func").
> The result seems pretty similar to eval(), although eval() seems more
> straightforward if the aim is to assign the returned value ("Done") to a
> variable.
s = eval('some_func("was
Here's the magic you are looking for:
func_str = \
'''
def some_func(value):
    # you would check value instance here and do something to it
    print("Hello World", value)
    return "Done"
'''
# exec() runs the source string, which defines some_func in the current namespace
exec(func_str)
f = locals()["some_func"]
print(f("wasn't that cool!"))
When you exec the str, it will create
I know that there are several ways to execute a string which represents a
piece of python code.
Out of curiosity, is it only eval which returns a value? (as below, where
the string corresponds to a defined function).
def addone(val):
    return val + 1

res = eval('addone(10)')  # res is 11
Thanks