On 2009-11-10, Steven D'Aprano <st...@remove-this-cybersource.com.au> wrote:
> On Tue, 10 Nov 2009 16:31:13 +0100, Daniel Fetchinson wrote about using
> exec:
>
>>> This is a *really* bad idea.
>>
>> How do you know for sure? Maybe the OP wants to use this thing
>> with 3 known researchers working on a cluster that is not even
>> visible to the outside world.
And those three researchers are perfect? They've never even
made a typographical error?
>> In such a setup the model the OP suggested is a perfectly
>> reasonable one. I say this because I often work in such an
>> environment and security is never an issue for us. And I find
>> it always amusing that whenever I outline our code to a
>> non-scientist programmer they always run away in shock and
>> never talk to us again
>
> You might be a great scientist, but perhaps you should pay
> attention to the experts on programming who tell you that this
> is opening a potential security hole in your system.
>
> No, it's not a "perfectly reasonable" tactic. It's a risky
> tactic that only works because the environment you use it in
> is so limited and the users so trusted.
Even then it only works until a trusted user makes a mistake
and types the wrong thing. A stupid mistake can do just as much
damage as an evil mastermind.
--
Grant Edwards grante Yow! Is this an out-take
at from the "BRADY BUNCH"?
visi.com
--
http://mail.python.org/mailman/listinfo/python-list
