> That said, however, I wonder why security rarely comes up as an
> issue for Python. Is it because nobody expects security properties
> from the language? Does anyone know how much the restricted
> execution feature gets used? Is there anyone here that would use
> a tainting feature if it existed?

In my understanding, tainting is needed if you allow data received
from remote to invoke arbitrary operations. In Python, there is only a
short list where this might cause a problem:

- invoking exec or eval on a string of unknown origin
- unpickling an arbitrary string
- performing getattr with a parameter of unknown origin.

Because there are so few places where tainted data may cause problems,
it never is an issue: people just intuitively know to avoid them.

> It would be interesting to explore the possibilities for safe
> distributed programming in Python.

Not sure what this has to do with tainting, though: if you want to
execute code you receive from untrusted sources, a sandbox is closer
to what you need.

Regards,
Martin
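
An added example, not part of the original message: a static check over the three sinks the message lists (exec/eval, unpickling, getattr) that flags calls whose sensitive argument is not a literal. It is a review aid rather than taint tracking; `SINKS`, `call_name`, `find_risky_calls` and the sample handler are names assumed for this illustration.

```python
import ast

# Sinks named in the message, mapped to the index of the argument that
# must not come from an unknown origin (assumed table for this example).
SINKS = {"exec": 0, "eval": 0, "getattr": 1, "pickle.loads": 0}


def call_name(func):
    """Return 'name' or 'module.attr' for a call target, else None."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def find_risky_calls(source):
    """Return sorted (line, sink) pairs whose sensitive argument is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node.func)
        if name not in SINKS:
            continue
        idx = SINKS[name]
        arg = node.args[idx] if len(node.args) > idx else None
        # A constant literal cannot carry remote data; anything else needs review.
        if not isinstance(arg, ast.Constant):
            findings.append((node.lineno, name))
    return sorted(findings)


# Constructed sample input for the demonstration.
SAMPLE = '''\
import pickle
def handle(conn, obj):
    data = conn.recv(4096)
    state = pickle.loads(data)
    method = getattr(obj, state["op"])
    width = eval("80")
    return eval(state["expr"])
'''

if __name__ == "__main__":
    for line, sink in find_risky_calls(SAMPLE):
        print(f"line {line}: {sink} called with a non-literal argument")
```

The literal `eval("80")` on line 6 of the sample is not reported, while the three calls fed from the received data are.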