+ 4

Is Python eval a security risk?

A few years ago (on another forum) it was recommended not to use JavaScript's eval function as it posed a security risk, but I see it used quite often here in Python code. I assume it's OK to use it then (in Python code)?

6th Oct 2019, 8:50 AM
rodwynnejones
11 answers
+ 3
Combining it with input makes it dangerous and then stuff like this can happen: https://www.xkcd.com/327/
6th Oct 2019, 10:10 AM
Thoq!
+ 2
I linked xkcd because all those "bad boys" can be rendered harmless by sanitizing the input.
6th Oct 2019, 12:46 PM
Thoq!
+ 1
Seems you can do harm against eval even with limited globals if you're tricky. https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
6th Oct 2019, 12:05 PM
HonFu
- 1
It safe your memory consumption. It is like a type casting, it is safe for us. Don't worry....
6th Oct 2019, 3:04 PM
Pushpendra Singh