Rocco Moretti wrote:
Python's also dangerous. Every time you do an "import module", you put your system at risk of crashing, having the hard-drive wiped
Have you been drinking again?
No, not really. The "every time" comment should be viewed in the same light as "Every time you step outside, you risk being hit by a bus."
"import module" executes Python code. As such it can do anything Python can do. Crash your system, wipe the hard drive, etc. And there is nothing the importing code can do to stop it. Now, if you limit yourself to known and trusted modules, that risk virtually disappears, just like staying on the sidewalk virtually eliminates the chances of getting hit by a bus. Not completely, mind you, since someone could have altered the standard library modules/changed the import path such that you're importing an unknown module. But most people would argue if someone has that power, they probably can do anything they want with your system without you doing "import module."
Bottom line: Don't exec or eval untrusted code. Don't import untrusted modules.
--
http://mail.python.org/mailman/listinfo/python-list
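The two points in the message above, that `import` runs the module's top-level code and that an altered import path can substitute an unknown module, shown as an added example that is not part of the original post. The module names, the marker file and the helper functions are constructed for illustration; the resolution check uses `importlib.machinery.PathFinder.find_spec`, which locates a module without executing it.

```python
import importlib
import importlib.machinery
import os
import sys
import sysconfig
import tempfile


def import_runs_code(workdir):
    """Import a constructed module; report whether its top-level code ran."""
    marker = os.path.join(workdir, "marker.txt")
    with open(os.path.join(workdir, "demo_side_effect.py"), "w") as f:
        # Harmless stand-in for "anything Python can do": create a file.
        f.write(f"open({marker!r}, 'w').close()\n")
    sys.path.insert(0, workdir)
    try:
        importlib.invalidate_caches()
        importlib.import_module("demo_side_effect")
    finally:
        sys.path.remove(workdir)
        sys.modules.pop("demo_side_effect", None)
    return os.path.exists(marker)


def resolve_origin(name, search_path):
    """File that `import name` would load from search_path, without running it."""
    importlib.invalidate_caches()
    spec = importlib.machinery.PathFinder.find_spec(name, list(search_path))
    return spec.origin if spec else None


def shadows_stdlib(name, search_path):
    """True if `name` resolves to a file outside the standard library directory."""
    origin = resolve_origin(name, search_path)
    stdlib = os.path.realpath(sysconfig.get_paths()["stdlib"])
    return origin is not None and not os.path.realpath(origin).startswith(stdlib + os.sep)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("top-level code ran on import:", import_runs_code(tmp))
        # Constructed look-alike of a stdlib module placed early on the path.
        open(os.path.join(tmp, "textwrap.py"), "w").close()
        print("normal path shadowed:", shadows_stdlib("textwrap", sys.path))
        print("altered path shadowed:", shadows_stdlib("textwrap", [tmp] + sys.path))
```

Running `shadows_stdlib` over the standard-library names an application imports, using the `sys.path` the application will actually have, flags a path entry that would win resolution before any of that code executes.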