Hi Danny,

> [The following note is Python 2.0 specific. In Python 3, input() is
> semantically different, and safe.]
>
> If you are using Python 2.0, don't use the input() function here to
> read strings. It is not safe: backing it is an implicit eval(), and
> eval() is dangerous, especially for beginners who won't have the
> background to understand the security implications.
>
> Example: if you enter in the following strange-looking input:
>
>     (lambda x: x(x))(lambda x:x(x))
>
> then this will crash your program due to a stack overflow. And this
> is relatively safe compared to the other craziness you can enter into
> input(). This is exactly why tutorials (and most Python programs in
> general) should _not_ use input(): it's dangerous in the wrong hands.
>
> Rather, use raw_input() instead.

My intent is to use Python 3.3. I was aware that if I were using 2.x, that I should be using raw_input(); however, I was not aware of any security implications. Thank you for that info!
boB
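The difference discussed in this exchange, as an added example that is not part of the original messages: it runs on Python 3 and emulates Python 2's input() by passing the typed line to eval(). The function names are hypothetical and the sample lines are constructed, apart from the lambda expression quoted in the thread.

```python
import ast

# The expression quoted in the message above.
RECURSIVE_EXPR = "(lambda x: x(x))(lambda x:x(x))"


def py2_style_input(typed):
    """Emulate Python 2's input(): the typed line goes through eval()."""
    return eval(typed)  # deliberately unsafe, shown for comparison only


def raw_style_input(typed):
    """Emulate raw_input() / Python 3 input(): the text is never evaluated."""
    return typed


def read_literal(typed):
    """Parse a number, string, list, etc. without executing any code.

    Returns (True, value) for a plain literal and (False, None) for
    anything else, such as arithmetic, a function call or a lambda.
    """
    try:
        return True, ast.literal_eval(typed.strip())
    except (ValueError, SyntaxError):
        return False, None


def outcome(reader, typed):
    """Run one reader on one typed line and report what happened."""
    try:
        return "value", reader(typed)
    except RecursionError:
        return "crash", "RecursionError"


if __name__ == "__main__":
    # Constructed sample lines, plus the expression from the thread.
    for line in ("42", "2 * 3", RECURSIVE_EXPR):
        print(repr(line))
        print("  eval-backed :", outcome(py2_style_input, line))
        print("  raw text    :", outcome(raw_style_input, line))
        print("  literal only:", read_literal(line))
```

When a program needs a number rather than a string, converting the raw text with int() or float(), or with ast.literal_eval() as here, keeps the typed line from being executed as code.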
