Menu
▾
▴
Re: [Configobj-develop] unrepr & "non-traditional" pythons
|
From: Ken K. <ksk...@gm...> - 2009-05-20 18:40:55
|
On Sat, May 16, 2009 at 6:47 AM, Michael Foord <fuz...@vo...>wrote: > Hello Ken, > > I'll look at this. A problem with eval is that it is unsafe (arbitrary > code execution) - which is one reason to use a text based config > system in the first place. > > Michael > > -- > http://www.ironpythoninaction.com > Thanks Michael. After doing some more digging around it looks like this is as much a Python 3 issue as anything, and that the ast module is the preferred long-term solution. I think I'll break jython support (ignoring unrepr) out into it's own ticket, and create another for using ast when compiler isn't available. The differences between the APIs is giving me fits, though, so I'm not going to make any promises that the latter will come with a working patch. Anyway, there's no huge hurry here. In the short term, I can follow Dag's lead & just monkey-patch unrepr with eval. The potential security concerns with eval aren't important for my use case. thanks, -Ken |
