Message73036
I think that, where it's appropriate, you can do that. Just don't put it in
the SSL module.
Bill
On Wed, Sep 10, 2008 at 11:24 PM, Heikki Toivonen <report@bugs.python.org>wrote:
>
> Heikki Toivonen <hjtoi-bugzilla@comcast.net> added the comment:
>
> Ok, thank you for clarifications. Now I understand why the hostname
> checking isn't the solution that fits every problem. I am still not
> completely clear how you'd do the checking otherwise, for example to
> verify the service you are talking to is what you think it is.
>
> But still, I think dealing with email servers is another common use case
> where hostname check is adequate most of the time. I am sure there are
> other cases like this. Therefore I am still of the opinion that the
> default should be to do the hostname check. Yes, make it overridable,
> but doing the check is safer than not doing any checking IMO because
> even if the check is incorrect for a certain purpose the developer is
> likely to notice an error quickly and inclined to do some other security
> check instead of not doing anything and thinking they have a secure system.
>
> If you want to continue the discussion, we should maybe take this to
> some other forum, like comp.lang.python.
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue1589>
> _______________________________________
> |
File name |
Uploaded |
unnamed
|
janssen,
2008-09-11.16:04:01
|
|
Date |
User |
Action |
Args |
2008-09-11 16:04:48 | janssen | set | recipients:
+ janssen, vila, heikki, ahasenack |
2008-09-11 16:04:03 | janssen | link | issue1589 messages |
2008-09-11 16:04:03 | janssen | create | |
|