Python has 31 keywords. exec is one of them. It cannot be that evil ;-) It is childish to criticize web2py for the use of a keyword without understanding the algorithm in which the keyword is used.
Web2py was audited for security and did well: http://www.pythonsecurity.org/wiki/web2py/

In fact we do not use exec or eval with user input, only with server-side code or code provided by the system administrator.

Since then, Django has reported major vulnerabilities:

http://www.linuxsecurity.com/content/view/154384/100/
http://www.f-secure.com/vulnerabilities/SA200905517
http://cvedetails.com/cve/CVE-2011-0698/
http://cvedetails.com/cve/CVE-2010-4534/

I am sorry to say people who spread these rumors are buying into the propaganda and not thinking with their head. Smart people will look at the credentials, education and professional experience of the developers as opposed to how much they blog.

The only argument that has merit is Mitsuhiko's argument that we should not exec code that contains classes with a __del__ method or this will result in a memory leak. We know that and we do not do it. It is a small price to pay for what it gives us. It is not something that we want to get rid of.

Massimo

On Mar 1, 8:50 pm, pbreit <pbreitenb...@gmail.com> wrote:
> Would there be any way to close the gap at all? I have liked working with
> Web2py so far but I feel like the argument above may have some merit and
> should not be dismissed.