  • You Wang thinks this is interesting:

execute Python code stored in a string. This is a potential security hole of great dimensions. If you execute a string where parts of the contents have been supplied by a user, you have little or no control over what code you are executing. This is especially dangerous in network applications, such as Common Gateway Interface (CGI) scripts, which you will learn about in Chapter 15.



Code and data (especially user-generated) must be strictly separated for security.
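
The risk described in the excerpt and one way to keep user input as data, shown as an added example that is not from the book or the note above. The names `record`, `audit_log`, `unsafe_calc`, `safe_calc` and `MAX_LEN` are hypothetical, and the inputs are constructed.

```python
import ast
import operator

# Whitelisted operators; anything not listed is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200   # assumed cap, bounds parse time and recursion depth

audit_log = []  # constructed stand-in for application state

def record(msg):
    """Harmless application function that user input must never reach."""
    audit_log.append(msg)
    return 0

def unsafe_calc(user_text):
    """The pattern the excerpt warns about: user text runs as Python code."""
    return eval(user_text)

def safe_calc(user_text):
    """Treat user text as data: parse it, then evaluate only whitelisted nodes."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        # type() check (not isinstance) so that bool and str constants are refused
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        raise ValueError("disallowed syntax: " + type(node).__name__)
    if len(user_text) > MAX_LEN:
        raise ValueError("input too long")
    try:
        tree = ast.parse(user_text, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an arithmetic expression") from exc
    return walk(tree)

if __name__ == "__main__":
    print(safe_calc("2 + 3 * (4 - 1)"))
    print(unsafe_calc("record('ran as code')"), audit_log)  # user text called record()
    try:
        safe_calc("record('ran as code')")
    except ValueError as exc:
        print("rejected:", exc)
```

`ast.parse` only builds a syntax tree and never executes the input, so names, calls and attribute access in the user text are rejected before anything runs.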