Not really. Try modifying ast.literal_eval. This will be quite secure.

On 17 August 2012 19:36, Chris Angelico <ros...@gmail.com> wrote:
> On Fri, Aug 17, 2012 at 11:28 PM, Eric Frederich
> <eric.freder...@gmail.com> wrote:
> > Within the debugging console, after importing all of the bindings, there
> > would be no reason to import anything whatsoever.
> > With just the bindings I created and the Python language we could do
> > meaningful debugging.
> > So if I block the ability to do any imports and calls to eval I should be
> > safe right?
>
> Nope. Python isn't a secured language in that way. I tried the same
> sort of thing a while back, but found it effectively impossible. (And
> this after people told me "It's not possible, don't bother trying". I
> tried anyway. It wasn't possible.)
>
> If you really want to do that, consider it equivalent to putting an
> open SSH session into your debugging console. Would you give that much
> power to your application's users? And if you would, is it worth
> reinventing SSH?
>
> ChrisA
> --
> http://mail.python.org/mailman/listinfo/python-list
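Added example, not part of the thread: one way to build on `ast.literal_eval` for a debugging console is to accept only a single call to an allow-listed binding whose arguments are plain literals, instead of evaluating arbitrary Python with imports and `eval` blocked. The binding names `get_item` and `list_revisions`, the length limit and the helper names are assumptions made for illustration.

```python
import ast

# Hypothetical bindings standing in for the console's real ones (assumed names).
def get_item(item_id):
    return {"id": item_id, "status": "released"}

def list_revisions(item_id, limit=3):
    return [f"{item_id}/{n}" for n in range(1, limit + 1)]

ALLOWED_CALLS = {"get_item": get_item, "list_revisions": list_revisions}
MAX_SOURCE_LEN = 500  # ast.parse / literal_eval can exhaust memory on huge input


def safe_call(source):
    """Run one call to an allow-listed binding whose arguments are all literals."""
    if len(source) > MAX_SOURCE_LEN:
        raise ValueError("input too long")
    try:
        tree = ast.parse(source.strip(), mode="eval")
    except SyntaxError:
        raise ValueError("not a single expression") from None
    call = tree.body
    if not isinstance(call, ast.Call):
        raise ValueError("only a call to a binding is allowed")
    # Callee must be a bare allow-listed name: no attributes, subscripts, nested calls.
    if not isinstance(call.func, ast.Name) or call.func.id not in ALLOWED_CALLS:
        raise ValueError("callee is not an allow-listed binding")
    try:
        # literal_eval accepts an AST node and raises on anything but a literal.
        args = [ast.literal_eval(node) for node in call.args]
        if any(kw.arg is None for kw in call.keywords):
            raise ValueError("** unpacking is not allowed")
        kwargs = {kw.arg: ast.literal_eval(kw.value) for kw in call.keywords}
    except (TypeError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"argument is not a plain literal: {exc}") from None
    return ALLOWED_CALLS[call.func.id](*args, **kwargs)


def accepts(source):
    """True if safe_call would run the line, False if the validator rejects it."""
    try:
        safe_call(source)
        return True
    except ValueError:
        return False
```

The safety of this approach rests on the allow-list and on what each binding does with its arguments; it does not make a general Python prompt safe to expose.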