Message99465
Currently, the documentation of subprocess only says "Calling the program through the shell is usually not required.". IMHO there should be a real warning (like, in its own box with a couple of big exclamation marks ;)) about the security implications of using this and detailed instructions of how to avoid it. People tend to use this functionality just because they "know how to use the shell" and it's just so convenient - and by doing so they create huge security holes in their applications.

Date | User | Action | Args
2010-02-17 10:15:59 | christoph.neuroth | set | recipients: + christoph.neuroth, georg.brandl
2010-02-17 10:15:59 | christoph.neuroth | set | messageid: <1266401759.12.0.600282213979.issue7950@psf.upfronthosting.co.za>
2010-02-17 10:15:57 | christoph.neuroth | link | issue7950 messages
2010-02-17 10:15:56 | christoph.neuroth | create |
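
An added illustration of the risk the message describes, not part of the original message or of the subprocess documentation. It assumes a POSIX shell and Python 3.7+; the `SHOW_ARGS` helper, the function names, and the sample filename are constructed for the demo.

```python
import shlex
import subprocess
import sys

# Child program that reports exactly which arguments it received.
# Using the current interpreter keeps the demo independent of system tools.
SHOW_ARGS = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Constructed sample input: a "filename" carrying shell metacharacters.
UNTRUSTED = "report.txt; echo INJECTED"


def run_with_shell(name):
    """Unsafe pattern: untrusted text is pasted into a shell command line."""
    cmd = " ".join(shlex.quote(p) for p in SHOW_ARGS) + " " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_with_list(name):
    """Preferred: no shell is involved; the value is exactly one argv entry."""
    return subprocess.run(SHOW_ARGS + [name], capture_output=True, text=True).stdout


def run_with_quoted_shell(name):
    """If a shell is unavoidable (POSIX only), quote every untrusted piece."""
    cmd = " ".join(shlex.quote(p) for p in SHOW_ARGS + [name])
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # The shell splits the input at ';' and runs the trailing text as a command.
    print("shell=True      :", run_with_shell(UNTRUSTED).splitlines())
    # The child sees the whole string as a single, inert argument.
    print("argument list   :", run_with_list(UNTRUSTED).splitlines())
    print("shell + quoting :", run_with_quoted_shell(UNTRUSTED).splitlines())
```

With `shell=True` the child receives only `report.txt` and the shell executes the remainder of the string as a second command; the list form hands the full string to the child unchanged.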