Security Risks
Special care must be taken when using eval with data from an untrusted source. For instance, assuming that the get_data function gets data from the Internet, this Python code is insecure:
An attacker could supply the program with the string "session.update(authenticated=True)" as data, which would update the session dictionary to set an authenticated key to be True. To remedy this, all data which will be used with eval must be escaped, or it must be run without access to potentially harmful functions.
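The following is an added example, not code from the original page: it shows the eval call described above changing session, then the same input rejected by a restricted namespace and by ast.literal_eval, a stricter option for plain data. The get_data stub, the function names and the sample strings are constructed for illustration.

```python
import ast

def get_data():
    # Constructed stand-in for the page's get_data(): attacker-controlled text.
    return "session.update(authenticated=True)"

def insecure_parse(data, session):
    # The risky pattern: the evaluated expression can see and call `session`.
    return eval(data, {"session": session})

def restricted_eval(data):
    # Evaluate with no builtins and no application names in scope, so
    # `session` does not resolve. Hiding names alone is not a full sandbox.
    return eval(data, {"__builtins__": {}}, {})

def safe_parse(data):
    # For plain data: accept Python literals only; calls and names are rejected.
    try:
        return ast.literal_eval(data)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("untrusted input is not a literal") from exc

def run_demo():
    payload = get_data()
    session = {"authenticated": False}
    insecure_parse(payload, session)  # mutates session as a side effect
    outcome = {"insecure_authenticated": session["authenticated"]}
    try:
        restricted_eval(payload)
        outcome["restricted_blocked"] = False
    except NameError:
        outcome["restricted_blocked"] = True
    try:
        safe_parse(payload)
        outcome["literal_blocked"] = False
    except ValueError:
        outcome["literal_blocked"] = True
    # Constructed benign input: a plain dictionary literal still parses.
    outcome["benign"] = safe_parse("{'user': 'alice', 'id': 7}")
    return outcome

if __name__ == "__main__":
    print(run_demo())
```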