Re: eval() == evil? --- How to use it safely?
- From: Fett <FettManChu@xxxxxxxxx>
- Date: Fri, 29 Aug 2008 05:42:46 -0700 (PDT)
On Aug 28, 7:57 pm, Paul Rubin <http://phr...@xxxxxxxxxxxxxx> wrote:
So long story short: if I am expecting a dictionary of strings, I
should make a parser that only accepts a dictionary of strings then.
There is no safe way to use an existing construct.
That is what I was afraid of. I know I will have to deal with the
possibility of bad data, but considering my use (an acronym legend for
a database), and the fact that the site I plan to use should be
secure, these issues should be minimal. The users should be able to
spot any obvious false data, and restoring it should be simple.
Many thanks to all of you for your alarmist remarks. I certainly don't
want to, in any way, put my clients computers at risk by providing
unsafe code.
.
- Follow-Ups:
- Re: eval() == evil? --- How to use it safely?
- From: Bruno Desthuilliers
- Re: eval() == evil? --- How to use it safely?
- Prev by Date: Re: translating "create Semaphore" to Linux
- Next by Date: Re: translating "create Semaphore" to Linux
- Previous by thread: Re: eval() == evil? --- How to use it safely?
- Next by thread: Re: eval() == evil? --- How to use it safely?
- Index(es):
Relevant Pages
|
