0

While searched for creating dynamic functions in python, i end up with following code.

dynf = types.FunctionType(compile('print "really WoW"', 'dyn.py', 'exec'), {})
dynf()

As python guidelines, it suggested that use of eval and exec are not recommended for good programming. Hence is above code is efficient or is it have any problem on the performance of the program?

mcv
  • 45
  • 2
  • 10
  • `eval` and especially `exec` are dangerous if you build up the program from untrusted sources. Even something as simple as a user supplied login name could open the door to injection of malicious code. If that's the source of the recommendation and you understand how to protect yourself from things going wrong, then go ahead and use them. I've done it for test patterns in databases (which sucked for other reasons) but the patterns were in a trusted source. – tdelaney Apr 05 '18 at 04:56
  • `eval` and `exec` are not inherently bad, they are just easy to misuse and can be a security vulnerability if you dynamically execute code from untrusted sources – juanpa.arrivillaga Apr 05 '18 at 05:14
  • How do i protect my self? this code will run only in my local system then is it ok ? What if the code run in a django cloud? – mcv Apr 05 '18 at 05:59

0 Answers0