On Wed, 30 Sep 2015 07:21 pm, jmp wrote:

>> Is Ariel's xml file user-supplied? If so, how does your suggestion
>> prevent the resulting lua script from executing arbitrary code?
>
> It does not. Like it doesn't fulfill the millions of possible
> requirements the OP could have written but did not. What if the OP wants
> a thread safe, super fast, multi core solution distributed on multiple
> remote hosts?

Then he should have said so. We are not *required* to guess every last requirement that somebody might have but didn't mention. But we do have a professional[1] duty of care to warn an *obvious beginner* that he may be introducing a serious security vulnerability into his code.

[1] In the sense of a job well done, not in the sense of "I got paid money to write this shit". Think master craftsman, not interchangeable code monkey.

--
Steven