Carl Banks wrote:
On Feb 27, 7:21 pm, Sammo <sammo2...@gmail.com> wrote:
Given that execfile has been removed in py3k, I want to understand
exactly why.
Okay, I get that execfile is bad from the following thread:
On Jul 29 2007, 2:39 pm, Steven D'Aprano
<st...@remove.this.cybersource.com.au> wrote:
(1) Don't use eval, exec or execfile.
(2) If you're an expert, don't use eval, exec or execfile.
(3) If you're an expert, and are fully aware of the security risks, don't
use eval, exec or execfile.
(4) If you're an expert, and are fully aware of the security risks, and
have a task that can only be solved by using eval, exec or execfile, find
another solution.
(5) If there really is no other solution, you haven't looked hard enough.
(6) If you've looked REALLY hard, and can't find another solution, AND
you're an expert and are fully aware of the security risks, THEN you can
think about using eval, exec or execfile.
What are some of the reasons why execfile should not be used?
What are some examples of cases where execfile is the correct way of
doing something?
[For instance, the package I use to generate my web site uses exec and
eval, because it processes templates with embedded Python code.
Now there's an example of exactly what exec and eval shouldn't be used for.
You don't put general-purpose execution mechanisms into your web site
template system. That's just asking for trouble.
John Nagle
--
http://mail.python.org/mailman/listinfo/python-list
