• Create Account

### #ActualSky Warden

Posted 25 April 2013 - 08:32 AM

I think you're mistaking exec for eval. And yes, you should be very careful using eval. Probably a better idea is creating a map of valid commands. Something like this:

def move_character(char_id, vector):
# TODO:
pass

def kill_character(char_id):
# TODO:
pass

command_map = {
'move_character': move_character,
'kill_character': kill_character,
}


So if the command sent the server is not one of the registered commands in command_map, you ignore it. This is a simple way you can start defining (and enforcing) the contract between client and server.

Try something simple like this and build on it as necessary.

Oh, yes. It's eval. I forgot about their difference.

About the command_map, I actually have been thinking about that before. Using dictionary and check if the thing is in the dictionary. So, my assumption is right? The type of data sent between client and server is the instruction and the arguments needed? I have never coded any server stuff before, and I couldn't find such information in the Internet. I just used my own logic, which is questionable.

Can you please explain a little more about the reason why I must be careful while using eval? I feel like it's rather risky, but I'm not sure why. I guess I'm just paranoid.

P.S. I just read an article about being careful with eval, but I don't really understand the namespace thingy.

### #5Sky Warden

Posted 25 April 2013 - 08:32 AM

I think you're mistaking exec for eval. And yes, you should be very careful using eval. Probably a better idea is creating a map of valid commands. Something like this:

def move_character(char_id, vector):
# TODO:
pass

def kill_character(char_id):
# TODO:
pass

command_map = {
'move_character': move_character,
'kill_character': kill_character,
}


So if the command sent the server is not one of the registered commands in command_map, you ignore it. This is a simple way you can start defining (and enforcing) the contract between client and server.

Try something simple like this and build on it as necessary.

Oh, yes. It's eval. I forgot about their difference.

About the command_map, I actually have been thinking about that before. Using dictionary and check if the thing is in the dictionary. So, my assumption is right? The type of data sent between client and server is the instruction and the arguments needed? I have never coded any server stuff before, and I couldn't find such information in the Internet. I just used my own logic, which is questionable.

Can you please explain a little more about the reason why I must be careful while using eval? I feel like it's rather risky, but I'm not sure why. I guess I'm just paranoid.

P.S. I just read an article about being careful with eval, but I don't really understand the namespace thingy.

### #4Sky Warden

Posted 25 April 2013 - 07:47 AM

I think you're mistaking exec for eval. And yes, you should be very careful using eval. Probably a better idea is creating a map of valid commands. Something like this:

def move_character(char_id, vector):
# TODO:
pass

def kill_character(char_id):
# TODO:
pass

command_map = {
'move_character': move_character,
'kill_character': kill_character,
}


So if the command sent the server is not one of the registered commands in command_map, you ignore it. This is a simple way you can start defining (and enforcing) the contract between client and server.

Try something simple like this and build on it as necessary.

Oh, yes. It's eval. I forgot about their difference.

About the command_map, I actually have been thinking about that before. Using dictionary and check if the thing is in the dictionary. So, my assumption is right? The type of data sent between client and server is the instruction and the arguments needed? I have never coded any server stuff before, and I couldn't find such information in the Internet. I just used my own logic, which is questionable.

Can you please explain a little more about the reason why I must be careful while using eval? I feel like it's rather risky, but I'm not sure why. I guess I'm just paranoid.

P.S. I just read an article about being careful with eval, but I don't really understand the namespace thingy.

### #3Sky Warden

Posted 25 April 2013 - 07:43 AM

I think you're mistaking exec for eval. And yes, you should be very careful using eval. Probably a better idea is creating a map of valid commands. Something like this:

def move_character(char_id, vector):
# TODO:
pass

def kill_character(char_id):
# TODO:
pass

command_map = {
'move_character': move_character,
'kill_character': kill_character,
}


So if the command sent the server is not one of the registered commands in command_map, you ignore it. This is a simple way you can start defining (and enforcing) the contract between client and server.

Try something simple like this and build on it as necessary.

Oh, yes. It's eval. I forgot about their difference.

About the command_map, I actually have been thinking about that before. Using dictionary and check if the thing is in the dictionary. So, my assumption is right? The type of data sent between client and server is the instruction and the arguments needed? I have never coded any server stuff before, and I couldn't find such information in the Internet. I just used my own logic, which is questionable.

Can you please explain a little more about the reason why I must be careful while using eval? I feel like it's rather risky, but I'm not sure why. I guess I'm just paranoid.

P.S. I just read an article about being careful with eval, but I don't really understand the namespace thingy.

### #2Sky Warden

Posted 25 April 2013 - 07:42 AM

I think you're mistaking exec for eval. And yes, you should be very careful using eval. Probably a better idea is creating a map of valid commands. Something like this:

def move_character(char_id, vector):
# TODO:
pass

def kill_character(char_id):
# TODO:
pass

command_map = {
'move_character': move_character,
'kill_character': kill_character,
}


So if the command sent the server is not one of the registered commands in command_map, you ignore it. This is a simple way you can start defining (and enforcing) the contract between client and server.

Try something simple like this and build on it as necessary.

Oh, yes. It's eval. I forgot about their difference.

About the command_map, I actually have been thinking about that before. Using dictionary and check if the thing is in the dictionary. So, my assumption is right? The type of data sent between client and server is the instruction and the arguments needed? I have never coded any server stuff before, and I couldn't find such information in the Internet. I just used my own logic, which is questionable.

Can you please explain a little more about the reason why I must be careful while using eval? I feel like it's rather risky, but I'm not sure why. I guess I'm just paranoid.

P.S. I just read an article about being careful with eval, but I don't really understand the namespace thingy.

### #1Sky Warden

Posted 25 April 2013 - 07:40 AM

I think you're mistaking exec for eval. And yes, you should be very careful using eval. Probably a better idea is creating a map of valid commands. Something like this:

def move_character(char_id, vector):
# TODO:
pass

def kill_character(char_id):
# TODO:
pass

command_map = {
'move_character': move_character,
'kill_character': kill_character,
}


So if the command sent the server is not one of the registered commands in command_map, you ignore it. This is a simple way you can start defining (and enforcing) the contract between client and server.

Try something simple like this and build on it as necessary.

Oh, yes. It's eval. I forgot about their difference.

About the command_map, I actually have been thinking about that before. Using dictionary and check if the thing is in the dictionary. So, my assumption is right? The type of data sent between client and server is the instruction and the arguments needed? I have never coded any server stuff before, and I couldn't find such information in the Internet. I just used my own logic, which is questionable.

Can you please explain a little more about the reason why I must be careful while using eval? I feel like it's rather risky, but I'm not sure why. I guess I'm just paranoid.

PARTNERS