Feature Requests item #1237678, was opened at 2005-07-13 11:45
Message generated for change (Comment added) made by rhettinger
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=355470&aid=1237678&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: Documentation
Group: None
>Status: Closed
>Resolution: Rejected
Priority: 5
Submitted By: Reinhold Birkenfeld (birkenfeld)
Assigned to: Nobody/Anonymous (nobody)
Summary: add a note to eval and exec to not use it when possible

Initial Comment:
The docs for eval and exec should have pointers on how to avoid them,
e.g. by using locals(), globals(), getattr, setattr etc. Many questions
pop up on c.l.py which could be answered by this.

----------------------------------------------------------------------

>Comment By: Raymond Hettinger (rhettinger)
Date: 2005-07-13 16:45

Message:
Logged In: YES
user_id=80475

This should not be in the docs. Both eval() and exec are legitimate
parts of the language with valid use cases. Avoidance of eval() and
exec is a comp.lang.python security cult.

If you feel the need, write a FAQ entry and submit it to Andrew. The
entry should be neutrally worded with an informative note on the
security risks of blindly running untrusted code and with a short
listing of faster or more secure approaches for common use cases.
Also, mention that input() includes an implicit call to eval().

----------------------------------------------------------------------

_______________________________________________
Python-bugs-list mailing list
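
Added example, not part of the tracker thread or the Python documentation: the getattr/setattr alternative named in the initial comment, next to the eval() pattern it replaces, written for Python 3. Settings, ALLOWED_FIELDS, EXECUTED and the function names are constructed for illustration, and ast.literal_eval is a standard-library function the thread does not mention.

```python
import ast


class Settings:
    """Constructed sample object whose attributes are looked up by name."""

    def __init__(self):
        self.timeout = 30
        self.retries = 3
        self._api_key = "constructed-secret"


ALLOWED_FIELDS = frozenset({"timeout", "retries"})  # names callers may touch
EXECUTED = []  # side-effect log: shows when caller-supplied text ran as code


def get_field_eval(settings, name):
    """Risky pattern: the caller's string becomes part of the source text."""
    return eval("settings." + name, {"EXECUTED": EXECUTED}, {"settings": settings})


def get_field_getattr(settings, name):
    """getattr() treats the name as data; the allowlist bounds what is reachable."""
    if name not in ALLOWED_FIELDS:
        raise KeyError(name)
    return getattr(settings, name)


def set_field(settings, name, raw_value):
    """setattr() with ast.literal_eval(): literals parse, calls and names do not."""
    if name not in ALLOWED_FIELDS:
        raise KeyError(name)
    value = ast.literal_eval(raw_value)  # ValueError/SyntaxError on non-literals
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("expected an integer literal")
    setattr(settings, name, value)


if __name__ == "__main__":
    s = Settings()
    hostile = "timeout and EXECUTED.append('ran')"  # constructed input
    print(get_field_eval(s, hostile), EXECUTED)     # the expression was executed
    try:
        get_field_getattr(s, hostile)
    except KeyError as exc:
        print("rejected:", exc)
    set_field(s, "retries", "5")
    print(s.retries)
```
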