Message155204
Couple of points:
1. On your last example, which webserver treats 'L' as part of port number? I can't think of anything.
2. Can you write a "real application" which is listening to beyond 65535? Which platform would it be?
Current way of handling invalid port like, int('foo') by raising ValueError seems to be better than returning a None. A better error message could be desirable, but that does not make it a security issue.
Additionally, the example of int changing a long integer to an 'L'-appended one would be a 2.x case, as it is no longer the behavior in 3.x.
Also, I would advise to look at getPort function in a C library or a Java library and see what it does. The only difference I see is, they return -1 where Python returns None.
I am changing the request type to an enhancement, because there is not a valid argument to support that it is a security issue.

| Date | User | Action | Args |
|---|---|---|---|
| 2012-03-09 03:07:01 | orsenthil | set | recipients: + orsenthil, ncoghlan, r.david.murray, zulla |
| 2012-03-09 03:07:01 | orsenthil | set | messageid: <1331262421.68.0.340682399848.issue14036@psf.upfronthosting.co.za> |
| 2012-03-09 03:07:01 | orsenthil | link | issue14036 messages |
| 2012-03-09 03:07:00 | orsenthil | create | |
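
An added example, not part of the original message or of CPython's code: a caller-side wrapper around `urllib.parse.urlsplit` that keeps "no port given" distinct from "invalid port given", the None-versus-ValueError distinction this message discusses. The names `effective_port`, `PortError`, `DEFAULT_PORTS` and `classify` are hypothetical, the sample URLs are constructed, and rejecting port 0 is a policy assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # hypothetical defaults for this example


class PortError(ValueError):
    """The URL carries a port component that cannot be used."""


def effective_port(url):
    """Return the port a client would connect to, or raise PortError."""
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError for non-numeric or out-of-range text
    except ValueError as exc:
        raise PortError(f"invalid port in {url!r}: {exc}") from exc

    if port is None:
        # Interpreters before 3.6 returned None for an out-of-range port, so
        # confirm the port text is really empty before using the default.
        hostinfo = parts.netloc.rpartition("@")[2]
        if hostinfo.startswith("["):
            hostinfo = hostinfo.rpartition("]")[2]
        if hostinfo.partition(":")[2]:
            raise PortError(f"invalid port in {url!r}")
        if parts.scheme not in DEFAULT_PORTS:
            raise PortError(f"no port and no default for {url!r}")
        return DEFAULT_PORTS[parts.scheme]

    if port == 0:  # policy assumption: port 0 is not a usable destination
        raise PortError(f"port 0 in {url!r}")
    return port


def classify(url):
    """Return the port, or the string 'rejected', for reporting."""
    try:
        return effective_port(url)
    except PortError:
        return "rejected"


# Constructed sample URLs, not taken from the issue.
SAMPLES = ["http://example.com/", "https://example.com:8443/x",
           "http://[::1]:8080/", "http://example.com:foo/",
           "http://example.com:1234L/", "http://example.com:99999/"]
```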