|
Greg Stein
gstein at lyra.org
Fri May 26 03:39:52 EST 2000
On Fri, 26 May 2000, Micha<B3> Mach wrote:
> > *) to import modules, use: module = __import__(module_name)
>
> Why so? That's perhaps more like the Python question than mod_python matter,
> but anyway...
apache.py was doing something like the following:
exec "import " + module_name
module = eval(module_name)
The above code is horribly inefficient compared to the code I provided
(using __import__). You have two parse/compile passes at runtime. The
"exec" disables certain optimizations. I don't think the code allows it,
but if module_name happens to come from some user input, then you are
effectively executing arbitrary code. Very bad.
Python vs mod_python? Bah. I wouldn't have brought it up if it wasn't a
mod_python issue.
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
_______________________________________________
Mod_python mailing list
Mod_python at modpython.org
http://www.modpython.org/mailman/listinfo/mod_python
|