On Mon, Oct 11, 2010 at 11:11 AM, Cata <catalinf...@gmail.com> wrote:
> Hi .
> I read about eval().
> I also read about this "bug" :
> cod = raw_input ('Enter:")
> eval (cod)
> if i use "rm -rf ~" all files will be deleted .
That's incorrect. eval() does not (directly) run shell commands. It
does evaluate arbitrary Python expressions though, which can delete
files and do other things just as nasty as rm -rf.
> What is correct way to use this function?
To not use it in the first place if at all possible (use int(),
float(), getattr(), etc. instead, depending on what you're doing), or
to only use it with trusted or heavily validated input.
Cheers,
Chris
--
Darned literature commentaries...
http://blog.rebertia.com
--
http://mail.python.org/mailman/listinfo/python-list
