That is the point where things are misinterpreted. We do not execute
code built from arbitrary user input at all. The fact that we validate
all input and escape (sanitize) all output is not even relevant here. We
ONLY execute programs created by the administrator (whether via shell
or administrative interface). The administrator is the person who
installed web2py, started it and has full login access. We just use
the command exec instead of the command import because this allows us
to avoid problems with the fact that sys.path is not thread safe and
allows us to have hot install/uninstall of apps and no module
conflicts between different coexisting apps. It also allows us to
avoid module reloading (what all other frameworks do) since that may
cause memory leaks and does not work with non-python production
servers.


On Apr 2, 1:00 am, cjrh <caleb.hatti...@gmail.com> wrote:
> On Apr 1, 10:29 pm, pbreit <pbreitenb...@gmail.com> wrote:
>
> > Python programmers should definitely be careful about the use of
> > exec but Massimo has made a very conscientious decision to use it.
>
> I think the primary concern with the use of exec() is the danger of
> arbitrary code execution, because that immediately raises security
> concerns.  However, in the way that web2py uses exec(), the code being
> executed is not arbitrary, and code injection is not possible because
> everything entered by users through the framework is sanitized.
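
The loading model described in the message above, as an added example that is not web2py's own code: two administrator-installed files with the same name are run with exec in separate namespaces, sys.path and sys.modules stay untouched, and an edit on disk takes effect on the next run without a reload. The helper run_app_file, the app_a/app_b layout and the request_path variable are assumptions made for illustration.

```python
import os
import sys
import tempfile


def run_app_file(path, environment=None):
    """Exec one file installed on disk by the administrator in a fresh namespace.

    The source text always comes from the file; request data is only ever
    passed in as values inside `environment`, never compiled as code.
    """
    with open(path, "r", encoding="utf-8") as fh:
        source = fh.read()
    code = compile(source, path, "exec")   # real filename kept for tracebacks
    namespace = dict(environment or {})    # per-call copy, nothing shared between apps
    exec(code, namespace)
    return namespace


def demo():
    # Constructed sample apps (hypothetical layout): same file name in each app.
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for app, body in (("app_a", "title = 'A: ' + request_path\n"),
                          ("app_b", "title = 'B: ' + request_path\n")):
            os.makedirs(os.path.join(root, app))
            paths[app] = os.path.join(root, app, "models.py")
            with open(paths[app], "w", encoding="utf-8") as fh:
                fh.write(body)

        path_before = list(sys.path)
        env = {"request_path": "/index"}
        a = run_app_file(paths["app_a"], env)
        b = run_app_file(paths["app_b"], env)   # no clash with app_a's models.py

        # Hot update: the administrator edits the file, the next run sees it.
        with open(paths["app_a"], "w", encoding="utf-8") as fh:
            fh.write("title = 'A v2: ' + request_path\n")
        a2 = run_app_file(paths["app_a"], env)

        # Unlike import, nothing was added to sys.path or cached in sys.modules.
        untouched = sys.path == path_before and "models" not in sys.modules
        return a["title"], b["title"], a2["title"], untouched


if __name__ == "__main__":
    print(demo())
```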
