Ben Finney wrote:
> "Devan L" <[EMAIL PROTECTED]> writes:
>
> > Is there any safe way to create an instance of an untrusted class
>
> Why are you instantiating classes you don't trust?
>
> > without consulting the class in any way?
> If you don't "consult the class", how can the instance be created
> properly?
>

When my program runs (CGI), the following happens:
* User enters source, which is executed in a restricted environment,
which unserializes a previously serialized environment if there is one.

* The restricted environment is serialized, including any instances
they may have instantiated.

So when I unserialize their instances, I have to recreate them, but
without calling any of their code (I can't run the unserializing code
in a restricted environment). Instances of old-style classes can be
created without touching the actual old-style class code, but I'm not
sure how, if it's possible, to do the same with new-style classes.


- Devan

-- 
http://mail.python.org/mailman/listinfo/python-list
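
The reconstruction step asked about above, as an added example that is not part of the original message or thread: in Python 3 (where every class is new-style) it contrasts `pickle.loads`, which calls hooks defined on the class, with a data-only snapshot rebuilt through `object.__new__` and `object.__setattr__`. The names `Untrusted`, `CALLS`, `snapshot`, `rehydrate` and the registry are hypothetical, and it assumes the class has no `__slots__` and that its instance dict holds only plain data.

```python
import pickle

CALLS = []  # names of user-defined hooks that ran (constructed for this demo)

class Untrusted:
    """Stand-in for a user-supplied class; each hook records that it ran."""
    def __new__(cls, *args, **kwargs):
        CALLS.append("__new__")
        return super().__new__(cls)
    def __init__(self, value=0):
        CALLS.append("__init__")
        self.value = value
    def __setattr__(self, name, val):
        CALLS.append("__setattr__")
        object.__setattr__(self, name, val)
    def __setstate__(self, state):
        CALLS.append("__setstate__")
        self.__dict__.update(state)

def snapshot(obj):
    """Reduce an instance to plain data: class name plus a copy of its dict."""
    state = dict(object.__getattribute__(obj, "__dict__"))
    return {"cls": type(obj).__name__, "state": state}

def rehydrate(record, registry):
    """Rebuild an instance without calling anything defined on the class."""
    cls = registry[record["cls"]]   # dictionary lookup; the class is not called
    inst = object.__new__(cls)      # bypasses cls.__new__ and cls.__init__
    # Bypasses cls.__setattr__ and cls.__setstate__.
    object.__setattr__(inst, "__dict__", dict(record["state"]))
    return inst

def hooks_run_by_pickle():
    blob = pickle.dumps(Untrusted(7))
    CALLS.clear()
    pickle.loads(blob)
    return list(CALLS)

def hooks_run_by_rehydrate():
    record = snapshot(Untrusted(7))
    CALLS.clear()
    inst = rehydrate(record, {"Untrusted": Untrusted})
    return list(CALLS), type(inst) is Untrusted, inst.__dict__

if __name__ == "__main__":
    print("pickle.loads ran:", hooks_run_by_pickle())
    print("rehydrate ran:   ", hooks_run_by_rehydrate()[0])
```

This covers reconstruction only: any later method call, `__getattr__` lookup or `__del__` at garbage collection on the rebuilt instance still runs the class's own code.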
