Eval - Security Risks

Security Risks

Special care must be taken when using eval with data from an untrusted source. For instance, assuming that the get_data function gets data from the Internet, this Python code is insecure:

session = False data = get_data foo = eval(data)

An attacker could supply the program with the string "session.update(authenticated=True)" as data, which would update the session dictionary to set an authenticated key to be True. To remedy this, all data which will be used with eval must be escaped, or it must be run without access to potentially harmful functions.

Read more about this topic:  Eval

Famous quotes containing the words security and/or risks:

    Of course we will continue to work for cheaper electricity in the homes and on the farms of America; for better and cheaper transportation; for low interest rates; for sounder home financing; for better banking; for the regulation of security issues; for reciprocal trade among nations and for the wiping out of slums. And my friends, for all of these we have only begun to fight.
    Franklin D. Roosevelt (1882–1945)

    If the children and youth of a nation are afforded opportunity to develop their capacities to the fullest, if they are given the knowledge to understand the world and the wisdom to change it, then the prospects for the future are bright. In contrast, a society which neglects its children, however well it may function in other respects, risks eventual disorganization and demise.
    Urie Bronfenbrenner (b. 1917)