
Re: Newbie question about evaluating raw_input() responses

Date Thu, 23 May 2013 16:04:09 +1000
Subject Re: Newbie question about evaluating raw_input() responses
From Chris Angelico <rosuav@gmail.com>
To python-list@python.org
Newsgroups comp.lang.python
Message-ID <mailman.1992.1369289058.3114.python-list@python.org>



On Thu, May 23, 2013 at 2:47 PM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> But all joking aside, eval is dangerous, yes, but it is not "evil". It
> needs to be handled with caution, but there are good uses for it. In
> fact, there are a few -- a very few -- things which can *only* be done
> with eval or exec. That's why it is part of the language!
>...
>
> So while it is right and proper to treat eval with great respect as a
> powerful (and therefore dangerous) tool, and avoid it whenever you don't
> *need* it, there is no reason to be irrational about it :-)

No need to be irrational about eval(), but I do agree that input()
should never be used. Especially now that Py3 has changed the meaning
of input(), it's potentially very confusing to call the old function;
be explicit and use eval(raw_input()) if you actually want that.

Quite apart from the extreme danger of eval'ing something tainted
(which isn't a problem if you KNOW the user's trusted - eg if you're
effectively writing an interactive interpreter for yourself), input()
is just too concealing; it's not obvious that code will be executed.

Above all, I don't want to see people advised to eval things as a
solution to simple problems. Maybe it's safe *right now*, but any
advice that solves today's problem will be used to solve tomorrow's
problem too, and tomorrow's problem will involve code going to someone
untrusted who suddenly gets full code execution.

But this is why we have a mailing list, not one-on-one advice. Kevin's
post is bound to get a follow-up, just as my posts are when I say
something incorrect. It gives that measure of extra confidence:
"Correct me if I'm wrong, but..." is implicitly prefixed to everything
:)

So Kevin, please don't get me wrong: I'm not hating on you, I'm not
wishing you hadn't posted. But I *will* speak strongly against the Py2
input() function. :)

Chris Angelico
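
The difference discussed in the message above, as an added example that is not part of the original post: Python 2's input() was equivalent to eval(raw_input()), so the typed line runs as an expression in the program's namespace. The function names, the `secret` variable and the sample lines are constructed for illustration; the eval call stands in for the Py2 builtin so the block runs on Python 3.

```python
import ast

def py2_style_input(line, scope):
    """What Python 2's input() did with the typed line: eval() it.
    `scope` stands in for the calling module's globals (assumption)."""
    return eval(line, scope)

def read_int(line, lo=1, hi=100):
    """Explicit parsing: the typed text is treated as data, never as code."""
    try:
        value = int(line.strip())
    except ValueError:
        return None
    return value if lo <= value <= hi else None

def read_literal(line):
    """For the rare case where a Python literal (list, dict, number) is wanted.
    ast.literal_eval accepts literals only: no names, no calls, no attributes."""
    try:
        return ast.literal_eval(line.strip())
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return None

# Constructed program state and constructed "typed" lines.
SCOPE = {"secret": 42}
SAMPLES = ["42", "secret", "len(str(secret))", "[1, 2, 3]"]

def compare(samples=SAMPLES):
    """Return (line, eval result, read_int result, read_literal result) per sample."""
    rows = []
    for line in samples:
        rows.append((line,
                     py2_style_input(line, dict(SCOPE)),
                     read_int(line),
                     read_literal(line)))
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second and third samples show the concealment problem: a line that looks like a wrong answer is resolved against program state or executed as a call by the eval path, while both explicit parsers reject it.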
