> I agree (but I have said that in past) the best thing is to > deprecate/rip out rexec. I have looked a bit at zope.security, it > seems bases on a better model, maybe if it's successful it could be > incorparated in the std lib in the future ... But of course to some extent Zope's security depends on some of the features of Python's security (like being able to override __builtins__). Though especially the Zope3 approach, using security proxies implemented in C, seems quite safe: *no* attribute can be accessed without confirmation from the security checker. In this situation, type(x) will returned a security proxy for the type of x; type is replaced with a security-aware version when executing untrusted code. I note that we're finding it convenient to let __str__ and __repr__ bypass the security proxy though. This means that str() of a security-proxy-wrapped container will call str() on the unwrapped items inside the container. Of course, this simply means that __str__ and __repr__ should not reveal sensitive information; not a big burden IMO. Disclaimer: I know shit about security. :-( --Guido van Rossum (home page: http://www.python.org/~guido/)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4