On Thu, 09 Apr 2009 13:13:50 -0400, Terry Reedy wrote:

> Joel Hedlund wrote:
>> Hi all!
>>
>> I'm writing a program that presents a lot of numbers to the user, and I
>> want to let the user apply moderately simple arithmetic to these
>> numbers. One possibility that comes to mind is to use the eval
>> function, but since that sends up all kinds of warning flags in my
>> head,
>
> Where does the program execute? If on the user's own machine, no
> problem.

Until the user naively executes a code sample he downloaded from the Internet, and discovers to his horror that his *calculator* is able to upload his banking details to an IRC server hosted in Bulgaria.

How quickly we forget... for twenty or thirty years all malware infections were via programs executed on the user's own machine.

> Eval is no more dangerous than Python itself.

But users know Python is a Turing-complete programming language that can do anything their computer can do. It would come as an unpleasant surprise to discover that (say) your icon editor was also a Turing-complete programming language capable of doing anything your C-compiler could do. The same holds for applications written in Python.

--
Steven