I’m using Django and want to be able to store classes in a database for things like forms and models so that I can easily make them creatable through a user interface since they are just stored in the database as opposed to a regular file. I don’t really know a whole lot about this and am not sure if this is a situation where I need to use exec in python or if there is some other way. My searches on this aren’t turning up much of anything.
Basically, it would just be where I do a database call and get the contents of a class, then I want to instantiate it. Any advice is appreciated on how to best do this sort of thing.
EDIT: In response to the idea of a malicious __init__ in the class, these are only for things like forms or models where it is tightly controlled through validation what goes in the class, there would never be an __init__ in the class and it would be basically impossible, since I would validate everything server side, to put anything malicious in the class.
Do not store code in the database!!!
Imagine a class with a malicious
__init__method finding it’s way in your “class repository” in the database. This means whoever has write access to those database tables has the ability to read any file from your web server and even nuke it’s file system, since they have the ability to execute any python code on it.