Author vajrasky
Recipients orsenthil, r.david.murray, vajrasky
Date 2013-10-14.10:42:15
Message-id <1381747335.93.0.821562727446.issue19082@psf.upfronthosting.co.za>
Content
Hi, Senthil Kumaran, thank you for your review.

I have one small complaint about your improved patch. Perhaps we need to give a security warning when they want to use the allow_dotted_names feature in the documentation. I omitted the warning in the demo because it is just a demo.

From the source code (Lib/xmlrpc/server.py):
    *** SECURITY WARNING: ***

            Enabling the allow_dotted_names options allows intruders
            to access your module's global variables and may allow
            intruders to execute arbitrary code on your machine.  Only
            use this option on a secure, closed network.

Whether we want to give a separate example without the allow_dotted_names feature or use an example without the allow_dotted_names feature entirely, I am not really sure.

What do you say?
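
The exposure the quoted warning describes, as an added example that is not part of the original message or of the patch under review: it dispatches requests in-process through `SimpleXMLRPCDispatcher._dispatch` (no socket is opened) and compares `allow_dotted_names=True`, the default `False`, and an explicit `register_function` allowlist. The `Service` and `AuditLog` classes, their data and the helper function names are constructed for illustration.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher


class AuditLog:
    """Internal helper that was never meant to be an RPC endpoint (constructed)."""

    def __init__(self):
        self.entries = ["login alice", "login bob"]  # constructed sample data

    def clear(self):
        removed = len(self.entries)
        self.entries.clear()
        return removed


class Service:
    """Object passed to register_instance; only ping() is the intended API."""

    def __init__(self):
        self.audit = AuditLog()  # implementation detail kept as an attribute

    def ping(self):
        return "pong"


def try_call(method, allow_dotted_names, params=()):
    """Dispatch one request in-process (no socket); return (status, value)."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(Service(), allow_dotted_names=allow_dotted_names)
    try:
        return ("ok", dispatcher._dispatch(method, params))
    except Exception as exc:  # the dispatcher raises a plain Exception on refusal
        return ("refused", str(exc))


def try_call_allowlisted(method, params=()):
    """Same request against a dispatcher that exposes one named function only."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_function(Service().ping, "ping")
    try:
        return ("ok", dispatcher._dispatch(method, params))
    except Exception as exc:
        return ("refused", str(exc))


if __name__ == "__main__":
    for name in ("ping", "audit.clear"):
        print(name, try_call(name, True), try_call(name, False),
              try_call_allowlisted(name))
```

With dotted names enabled, the `audit.clear` request reaches a method on an attribute that was never registered as an endpoint; with the default setting or the allowlist it is refused while `ping` keeps working.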