Message 150622 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	alex
Recipients	Arfrever, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.araujo, georg.brandl, gvanrossum, jcea, lemburg, pitrou, terry.reedy, vstinner
Date	2012-01-04.17:44:50
SpamBayes Score	0.01416376
Marked as misclassified	No
Message-id	<1325699090.97.0.797030531574.issue13703@psf.upfronthosting.co.za>
In-reply-to

Content
Except, it's a totally non-scalable approach. People have vulnerabilities all over their sites which they don't realize. Some examples: django-taggit (an application I wrote for handling tags) parses tags out an input, it stores these in a set to check for duplicates. It's vulnerable. Another site I'm writing accepts JSON POSTs, you can put arbitrary keys in the JSON. It's vulnerable.

Except, it's a totally non-scalable approach.  People have vulnerabilities all over their sites which they don't realize.  Some examples:

django-taggit (an application I wrote for handling tags) parses tags out an input, it stores these in a set to check for duplicates.  It's vulnerable.

Another site I'm writing accepts JSON POSTs, you can put arbitrary keys in the JSON.  It's vulnerable.

History
Date	User	Action	Args
2012-01-04 17:44:51	alex	set	recipients: + alex, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, dmalcolm, Mark.Shannon, Zhiping.Deng, PaulMcMillan
2012-01-04 17:44:50	alex	set	messageid: <1325699090.97.0.797030531574.issue13703@psf.upfronthosting.co.za>
2012-01-04 17:44:50	alex	link	issue13703 messages
2012-01-04 17:44:50	alex	create