Message199860
Hi, Senthil Kumaran, thank you for your review.
I have one small complain about your improved patch. Perhaps we need to give security warning when they want to use allow_dotted_names feature in the documentation. I omitted the warning in the demo because it is just a demo.
From the source code (Lib/xmlrpc/server.py):
*** SECURITY WARNING: ***
Enabling the allow_dotted_names options allows intruders
to access your module's global variables and may allow
intruders to execute arbitrary code on your machine. Only
use this option on a secure, closed network.
Whether we want to give a separate example without allow_dotted_names feature or using example without allow_dotted_names feature entirely, I am not really sure.
What do you say? |
|
Date |
User |
Action |
Args |
2013-10-14 10:42:15 | vajrasky | set | recipients:
+ vajrasky, orsenthil, r.david.murray |
2013-10-14 10:42:15 | vajrasky | set | messageid: <1381747335.93.0.821562727446.issue19082@psf.upfronthosting.co.za> |
2013-10-14 10:42:15 | vajrasky | link | issue19082 messages |
2013-10-14 10:42:15 | vajrasky | create | |
|