On Fri, 21 Nov 2014 12:15:03 +0200, Steve Hayes wrote:

> On Fri, 21 Nov 2014 19:40:22 +1100, Chris Angelico <ros...@gmail.com>
> wrote:
>
>>On Fri, Nov 21, 2014 at 7:35 PM, Steve Hayes <hayes...@telkomsa.net>
>>wrote:
>>> This Python script does it for me.
>>>
>>> year = input("Year: ")
>>> age = input("Age: ")
>>> born = year-age
>>> print 'Year of birth:', born
>>
>>One thing to be careful of: The input() function in Python 2 should be
>>avoided. Instead, use int(raw_input("Year: ")) and correspondingly Age.
>>It's much safer and clearer than what you have, which is an alias for
>>eval(raw_input("Year: ")) - very dangerous.
>
> I thought input() was OK for integers.

The problem with input is code injection, which is very similar to SQL
injection (http://xkcd.com/327). The data entered by the user is processed
as if it was Python code; this means the user could enter a command (or
sequence of commands) that cause serious problems to your computer,
including but not limited to:-

Installing a virus
Deleting all your data
Causing your central heating to explode (unlikely, but if your central
heating is on your network anything is possible)

(I am beginning to think my fortune cookie signature generator is psychic)

-- 
"THIS time it really is fixed. I mean, how many times can we get it
wrong? At some point, we just have to run out of really bad ideas.."
    - Linus Torvalds
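
The difference discussed in this thread, as an added example that is not code from any of the posters: it reproduces Python 2's input() on Python 3 with eval() and sets it beside the int(raw_input(...)) style of parsing. The names py2_style_input, read_int, year_of_birth and marker, and the range bounds, are assumptions made for the illustration.

```python
# Added example: Python 2's input() evaluated the typed line as code.
# Python 3 has no such function, so eval() stands in for it here.

calls = []  # records whether typed text got executed


def marker():
    """Harmless stand-in for 'whatever code the user chose to type'."""
    calls.append("ran")
    return 2014


def py2_style_input(typed):
    """Python 2 input(): eval(raw_input()). Unsafe, kept for contrast."""
    return eval(typed)


def read_int(typed, lo, hi):
    """The thread's fix, int(raw_input(...)), plus an assumed range check."""
    try:
        value = int(typed.strip())
    except ValueError:
        raise ValueError("not an integer: %r" % (typed,))
    if not lo <= value <= hi:
        raise ValueError("out of range %d..%d: %d" % (lo, hi, value))
    return value


def year_of_birth(year_text, age_text):
    """The script's calculation, with both fields parsed as data only."""
    year = read_int(year_text, 1, 9999)   # bounds are assumptions
    age = read_int(age_text, 0, 150)
    return year - age


if __name__ == "__main__":
    # Constructed inputs: a plain number, then an expression.
    print(py2_style_input("2014"))        # the number comes back as an int
    print(py2_style_input("marker()"))    # the typed text ran as code
    print(calls)
    calls.clear()
    try:
        read_int("marker()", 1, 9999)
    except ValueError as exc:
        print("rejected:", exc)
    print(calls)                          # nothing was executed
    print(year_of_birth("2014", "40"))
```

For integers typed honestly the two readers agree, which is why input() looks fine in casual use; they differ only when the typed text is something other than a number.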