Chris Warrick <kwpol...@gmail.com> wrote:
> > More reduced :
> > ----------------------------------
> > u=raw_input('Enter calculation:")
> > print eval(u)
> > ----------------------------------
> > works and compute :
> > 1+2+3+4-1+4*2
> > 2+3.0/2-0.5
> >
> > Perform better and shorter, but less educationnal of course...
>
> No, this is awful. It's a great way to compromise your system's
> security. Never use eval() for any reason, especially with user input
> — if you were to type in __import__('os').system('…') with some
> particularly dangerous command (rm, format, …), you would kill your
> system.
Yes you're right, eval can be really dangerous.
You could make it (a little) safer using env ; but a hacker could always
break things with eval.
-------------------------------------
env={}
env["__builtins__"] = None
u=raw_input('Enter calculation:")
print eval(u,env)
-------------------------------------
--
Pierre-Alain Dorange Moof <http://clarus.chez-alice.fr/>
Ce message est sous licence Creative Commons "by-nc-sa-2.0"
<http://creativecommons.org/licenses/by-nc-sa/2.0/fr/>
--
https://mail.python.org/mailman/listinfo/python-list
