On Tue, Apr 12, 2016 at 8:43 AM, Jon Ribbens <jon+python-...@unequivocal.co.uk> wrote: > On Tue, Apr 12, 2016 at 03:02:54AM +1000, Chris Angelico wrote: >> It all depends on how much functionality you want. If all you need is >> a numeric expression evaluator, that's not too hard - disallow all >> forms of attribute access, etc, and just have simple numbers and >> operators. That's pretty useful, and safe. > > By "calculator" I didn't necessarily mean to imply numeric-only, > sorry if I was unclear. Also perhaps I should have said "non-trivial", > inasmuch as if we restrict it that far then it would quite possibly be > simpler and quicker just to write the expression evaluator from scratch > and not use the Python interpreter at all.
I'm aware you wanted more. My point is that it's not hard to secure the trivially simple, and it doesn't have to be entirely useless. But every bit of additional power brings with it additional risk. ChrisA _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
