> - The eval() technique suggested in another reply may work, but isn't
> really a good practice. eval() exists to make interactive prompts
> possible, not as a general programming technique. There is no
> protection on what eval() will do, so if an attacker can modify the
> string that is being eval()'d, they have complete access to your
> system. This is obviously very bad practice on a public-facing
> interface, like a web site.
>   
I agree completely.
It should just be noted that in this case, there is no way to change the 
expression passed to eval. Secondly, getattr cannot in any case evaluate 
an expression or reach deeper fields.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
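
An added example, not code from this thread: one way to read a nested field named by a string without eval(), by applying getattr one path segment at a time and refusing anything that is not a plain public attribute name. The classes, the resolve_path name and the sample values are constructed for illustration.

```python
from functools import reduce


class Profile:
    """Constructed sample object with one nested field."""
    def __init__(self, city):
        self.city = city


class User:
    """Constructed sample object holding a Profile."""
    def __init__(self, name, profile):
        self.name = name
        self.profile = profile


def resolve_path(root, path):
    """Return the attribute reached by a dotted path such as 'profile.city'.

    Only attribute lookups are performed. Each segment must be a valid
    identifier and must not start with an underscore, so operators, calls,
    empty segments and dunder attributes are rejected before any lookup.
    """
    parts = path.split(".")
    for part in parts:
        if not part.isidentifier() or part.startswith("_"):
            raise ValueError("illegal path segment: %r" % part)
    # getattr raises AttributeError if a segment does not exist on the object.
    return reduce(getattr, parts, root)


if __name__ == "__main__":
    user = User("alice", Profile("Oslo"))
    print(resolve_path(user, "profile.city"))
    for bad in ("profile.__class__", "name or 1", "profile..city"):
        try:
            resolve_path(user, bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Unlike eval(), the string is never parsed as Python code; the only code that can run is whatever the objects themselves define for attribute access, such as properties.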
