On 4/13/2010 11:56 AM, Vishal Rana wrote:
Hi,
I need to construct an if statement from the data coming from the client
as below:
conditions: condition1, condition2, condition3, condition4 logical
operators: lo1, lo2, lo3 (Possible values: "and" "or")
Eg.
|if condition1 lo1 condition2 lo3 condition4:
# Do something
|
I can think of eval/exec but not sure how safe they are! Any better
approach or alternative? Appreciate your responses :)
PS: Client-side: Flex, Server-side: Python, over internet
Unless Python on the server is properly sandboxed (not easy), this is
not safe. Consider 'conditions' like
10000**10000
__import__('subprocess').Popen(['format', 'C:']) # don't test this !!!
I may not have the latter exactly correct but you should get the idea.
So sandboxing requires OS supervision and limitation of time and space
consumption as well as removal from Python of dangerous builtins and
modules.
Terry Jan Reedy
--
http://mail.python.org/mailman/listinfo/python-list
