Message71682
checking hostnames is false security, not real security.
On 8/20/08, Heikki Toivonen <report@bugs.python.org> wrote:
>
> Heikki Toivonen <hjtoi-bugzilla@comcast.net> added the comment:
>
>
> I would think most people/applications want to know to which host they
> are talking to. The reason I am advocating adding a default check to the
> stdlib is because this is IMO important for security, and it is easy to
> get it wrong (I don't think I have it 100% correct in M2Crypto either,
> although I believe it errs on the side of caution). I believe it would
> be a disservice to ship something that effectively teaches developers to
> ignore security (like the old socket.ssl does).
>
> A TLS extension also allows SSL vhosts, so static IPs are no longer
> strictly necessary (this is not universally supported yet, though).
>
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue1589>
> _______________________________________
> |
|
Date |
User |
Action |
Args |
2008-08-21 21:12:31 | janssen | set | recipients:
+ janssen, vila, heikki, ahasenack |
2008-08-21 21:12:30 | janssen | link | issue1589 messages |
2008-08-21 21:12:28 | janssen | create | |
|