George Sakkis wrote:
You probably missed the point in the posted examples. A malicious user doesn't need to modify your program code to have access to far more than you would hope, just devise an appropriate string s and pass it to your "safe" eval.
Oppps, I did miss the point. I was assuming that the modifying stuff was being done before the call to the eval(). I was wrong.
I'll have to get the ast based code incorporated into my code and just use it. Darn, but it seems that each and every time one sees a simple solution to a simple problem ... :)
Thanks. -- http://mail.python.org/mailman/listinfo/python-list
