Message53424
This might just add unnecessary bloat, but since Python is being
used in CGI scripts, it can be used to narrow a security hole. One way
of breaking security is for a naive programmer (don't try to deny
their existence) to run an arbitrary command from the page
viewer.

Perl has developed an interesting mechanism for
helping with this: taint. The way it works is, when something comes
directly from the user, like a key in a form, it is considered to have
taint unless specifically untainted. Things like os.exec() would
create a warning message if you passed tainted strings to
them.

As I said, this might just add unnecessary bloat, but for
an option that can be left out for most builds of Python I think it
would be pretty nice.

Date | User | Action | Args
2007-08-23 16:01:57 | admin | link | issue500698 messages
2007-08-23 16:01:57 | admin | create |
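
A sketch of the taint idea described in the message above, as an added example that is not part of the original message and not code from Python or Perl. The names Tainted, TaintWarning, untaint and check_sink are hypothetical, the form data is constructed, and "os.system" is used only as a label for the sensitive call (nothing is executed).

```python
import re
import warnings


class TaintWarning(UserWarning):
    """Issued when user-derived data reaches a sensitive call."""


class Tainted(str):
    """str subclass marking data that came directly from the user.

    Only + propagates the mark in this sketch; %, f-strings, join(),
    slicing and other str methods return plain str and lose it.
    """

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        # Reached for plain_str + tainted, so the result stays marked.
        return Tainted(str.__add__(other, self))


def is_tainted(value):
    return isinstance(value, Tainted)


def untaint(value, pattern):
    """Explicit untainting: the whole value must match an allow-list regex."""
    if re.fullmatch(pattern, value) is None:
        raise ValueError("value rejected by allow-list pattern")
    return str(value)  # str() of a subclass instance yields a plain str


def check_sink(sink_name, *args):
    """Warn once per tainted argument and return the flagged arguments."""
    flagged = [a for a in args if is_tainted(a)]
    for a in flagged:
        warnings.warn(f"tainted string passed to {sink_name}: {a!r}",
                      TaintWarning, stacklevel=2)
    return flagged


def demo():
    form = {"file": Tainted("a.txt; echo hi")}  # constructed CGI form value
    command = "cat " + form["file"]             # taint survives concatenation
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        flagged = check_sink("os.system", command)
    try:
        untaint(form["file"], r"[A-Za-z0-9_.-]+")
        accepted = True
    except ValueError:
        accepted = False                        # shell metacharacters rejected
    clean = untaint(Tainted("notes.txt"), r"[A-Za-z0-9_.-]+")
    return len(caught), flagged, accepted, is_tainted("cat " + clean)
```

A str subclass can only track the operations it overrides, which is why a language-level option like the one requested would have to live in the interpreter rather than in a library.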