On Mon, Feb 16, 2015 at 11:52 AM, boB Stepp <robertvst...@gmail.com> wrote: > I have heard periodically about the potential evils of using exec() > and eval(), including today, on this list. I gather that the first > requirement for safely using these functions is that the passed > argument MUST be from a trusted source. So what would be examples > where the use of these functions IS appropriate?
Given that there are language environments that do perfectly ok without those functions, the flippant answer would be: those functions aren't necessary. But to be more serious: they'd probably be most useful when you're defining your own interactive programming environment. For example, consider a debugger or an IDE (such as IDLE. Or if you come from the Java world, imagine Eclipse). In a debugger, you're running another program, and allowing the user to do something programmatic in the context of that program. Setting breakpoints, or looking at the value of certain expressions. In this scenario, we want to be able to access the same runtime data structures that drive the running program... within the program itself! It's this introspection that drives the need for an eval or exec. Enormously powerful. Enormously dangerous in the wrong hands. That being said, almost all programs are neither debuggers nor IDEs at their heart. (Despite the joke that every program strives to become Emacs at a certain point.) _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor