Greetings,

Although it is considered bad form to answer one's own post, I'm going to do so anyway, anyhow,

http://docs.python.org/lib/built-in-funcs.html

It turns out that both eval() and int() are Python interpreter built-ins. Now I really wonder why the author of the book used eval() rather than int() in the book's example? <shrug>

> The original poster posted a post with the following function:
> def dec():
>     import string
>     message=raw_input("Enter the message to decode: ")
>     result=''
>     for x in string.split(message):
>         result=result+chr(eval(x))
>     return result
>
> print dec()
> which is from the book:
> "Python programming: An introduction to CS" by John M. Zelle.

-- 
bhaaluu at gmail dot com

On 8/13/07, bhaaluu <[EMAIL PROTECTED]> wrote:
> Greetings,
>
> On 8/12/07, Kent Johnson <[EMAIL PROTECTED]> wrote:
> > bhaaluu wrote:
> > >
> > > >>> print chr(eval('65'))
> > > A
> >
> > There is no need to use eval() here. Since the expected values are
> > integers, just use int():
> > In [6]: chr(int('65'))
> > Out[6]: 'A'
> >
> > This gives a clearer error message when the input is not as expected:
> > In [7]: chr(int('How'))
> > ------------------------------------------------------------
> > Traceback (most recent call last):
> >   File "<ipython console>", line 1, in <module>
> > <type 'exceptions.ValueError'>: invalid literal for int() with base 10:
> > 'How'
> >
> > In general it's a good idea to avoid using eval() especially with user
> > input, it is a gaping security hole.
> >
> > Kent
>
> The original poster posted a post with the following function:
> def dec():
>     import string
>     message=raw_input("Enter the message to decode: ")
>     result=''
>     for x in string.split(message):
>         result=result+chr(eval(x))
>     return result
>
> print dec()
> which is from the book:
> "Python programming: An introduction to CS" by John M. Zelle.
>
> As a Python Noob, I'm obviously ignorant of most of the Python
> language, but I wonder why the author of a book would include
> a function that is a "gaping security hole," when the int() function
> would do the job just as nicely, and without the security concerns?
>
> Of course, I don't know what context the snippet is in because I
> don't have a copy of the book in question. But as a Python Noob,
> I really do appreciate your heads-up about eval(), and I have it
> red-flagged as a 'gaping security' concern, and will use it with
> extreme caution in the future. =)
>
> Now for MY question: Besides eval(), are there other functions that
> should be 'red-flagged' as well? I just haven't been around Python
> long enough yet to become familiar with all of the Standard Library.
> Correct me if I'm wrong, but with 29 keywords, and over 176 library
> functions, Python weighs in at over 200 Standard "objects"?
>
> Cheers! =)
> --
> bhaaluu at gmail dot com
>
_______________________________________________
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
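The int()-based replacement Kent suggests, written out as an added example (Python 3; not code from the book or from anyone in the thread). The names decode_message, encode_message and is_valid_message are my own; the point it adds beyond the thread is that int() alone is still fairly permissive (it accepts underscores, surrounding whitespace and non-ASCII digits), so the token is checked for plain ASCII digits and the result for a valid code point before chr() is called.

```python
# Added example: the book's dec() without eval().
# Each whitespace-separated token must be a base-10, ASCII-digit integer
# that is a valid code point; anything else raises a clear ValueError
# instead of being handed to the interpreter.

MAX_CODE_POINT = 0x10FFFF


def decode_message(message: str) -> str:
    """Turn '72 105 33' into 'Hi!' using int(), never eval()."""
    chars = []
    for position, token in enumerate(message.split(), start=1):
        # int() would also accept '1_0', '٧' (Arabic-Indic digit) or
        # '-1'; insist on plain ASCII decimal digits before converting.
        if not (token.isascii() and token.isdigit()):
            raise ValueError(
                f"token {position} ({token!r}) is not a decimal integer"
            )
        code = int(token, 10)  # base fixed: no 0x.. / 0o.. forms
        if code > MAX_CODE_POINT:
            raise ValueError(
                f"token {position} ({code}) exceeds the largest code point"
            )
        chars.append(chr(code))
    return "".join(chars)


def encode_message(text: str) -> str:
    """Inverse of decode_message, handy for round-trip checks."""
    return " ".join(str(ord(ch)) for ch in text)


def is_valid_message(message: str) -> bool:
    """True when decode_message would accept the input."""
    try:
        decode_message(message)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(decode_message("72 101 108 108 111"))  # Hello
    # Constructed inputs that int() alone might let through or misreport.
    for bad in ("How", "0x41", "1_000", "1e3", "-1", "1114112"):
        try:
            decode_message(bad)
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```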