This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ncoghlan
Recipients alex, ncoghlan
Date 2011-10-21.06:41:57
SpamBayes Score 0.02147777
Marked as misclassified No
Message-id <1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za>
In-reply-to
Content
Perhaps a better idea would be to use different names, so it's clearer at the point of invocation that the shell is being invoked (and hence shell injection attacks are a potential concern). For example:

  shell_call
  check_shell_call
  check_shell_output

That would make large applications easier to audit (just search for 'shell_') while still making life easier for sysadmins.
History
Date User Action Args
2011-10-21 06:41:58ncoghlansetrecipients: + ncoghlan, alex
2011-10-21 06:41:58ncoghlansetmessageid: <1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za>
2011-10-21 06:41:57ncoghlanlinkissue13238 messages
2011-10-21 06:41:57ncoghlancreate