Security Risks
Special care must be taken when using eval with data from an untrusted source. For instance, assuming that the get_data function gets data from the Internet, this Python code is insecure:
An attacker could supply the program with the string "session.update(authenticated=True)" as data, which would update the session dictionary to set an authenticated key to be True. To remedy this, all data which will be used with eval must be escaped, or it must be run without access to potentially harmful functions.
Read more about this topic: Eval
Famous quotes containing the words security and/or risks:
“Modern children were considerably less innocent than parents and the larger society supposed, and postmodern children are less competent than their parents and the society as a whole would like to believe. . . . The perception of childhood competence has shifted much of the responsibility for child protection and security from parents and society to children themselves.”
—David Elkind (20th century)
“The question is whether personal freedom is worth the terrible effort, the never-lifted burden and risks of self-reliance.”
—Rose Wilder Lane (1886–1968)