Mike Meyer <[EMAIL PROTECTED]> writes:
> > put in an HTML page as the value of a hidden variable. And when I get
> > the string again, I want to cast it back as list of tuples:...
> This is a serious security risk, as you can't trust the data not to do
> arbitrary things to your system when eval'ed.
> I'd look into pickling the list of tuples to get the string.

The whole scheme of putting the stuff on the HTML page and then getting it back from the client is ill-advised. Keep the info on the server and just have the client send back some token (session ID usually) saying where to find it on the server. If you absolutely have to put this sort of data on the client, append a cryptographic authentication code using the hmac module, and don't believe the data unless the authentication verifies.
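The approach described in the reply above, as an added example that is not part of the original message: a list of tuples is serialized for a hidden form field with an HMAC-SHA256 tag, and nothing is parsed on return unless the tag verifies. The names `pack_field`, `unpack_field`, `tamper` and `SECRET_KEY` are hypothetical, and JSON is used for serialization here as an assumption (the thread itself mentions eval and pickle).

```python
import base64
import hashlib
import hmac
import json
import secrets

# Server-side secret; constructed per process here. A real deployment would
# load a persistent key from server configuration (assumption).
SECRET_KEY = secrets.token_bytes(32)
TAG_LEN = hashlib.sha256().digest_size


def pack_field(rows, key=SECRET_KEY):
    """Serialize a list of tuples and prepend an HMAC-SHA256 tag."""
    payload = json.dumps(rows, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + payload).decode("ascii")


def unpack_field(value, key=SECRET_KEY):
    """Return the list of tuples, or raise ValueError if verification fails."""
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except ValueError as exc:  # covers bad base64 and non-ASCII input
        raise ValueError("malformed field") from exc
    if len(raw) < TAG_LEN:
        raise ValueError("malformed field")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; nothing is parsed until the tag verifies.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return [tuple(row) for row in json.loads(payload)]


def tamper(value):
    """Flip one bit of the payload, as a modified form submission would."""
    raw = bytearray(base64.urlsafe_b64decode(value))
    raw[-2] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode("ascii")


if __name__ == "__main__":
    field = pack_field([(1, "alice"), (2, "bob")])  # constructed sample data
    print(unpack_field(field))
    try:
        unpack_field(tamper(field))
    except ValueError as err:
        print("rejected:", err)
```

The tag shows the value is one the server issued and that it has not been modified; it does not hide the data from the client or stop an older valid value from being resubmitted, which is one reason the server-side session approach is the first recommendation.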