Showing content from https://mail.python.org/pipermail/python-dev/2002-January/019470.html below:

[Python-Dev] PEP_215_ (string interpolation) alternative EvalDict

Jason Orendorff jason@jorendorff.com
Mon, 14 Jan 2002 19:38:42 -0600
> But just in case I'm seeing it all wrong: could you explain
> to me how PEP 215 *doesn't* have the potential of introducing
> a security hole?

Gladly.

Every $-string can be converted to equivalent code that uses only:

  a)  whatever code the programmer explicitly typed
      in the $-string;
  b)  str() or unicode(); and
  c)  the + operator applied to strings.

Therefore $ is exactly as secure or insecure as those three
pieces.

All three of these things are just as safe as the non-PEP-215
features that we're already using.

Therefore $-strings do not introduce any new security hole.

## Jason Orendorff    http://www.jorendorff.com/
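
The translation the message describes, as an added example that is not part of the original post or of any PEP 215 implementation: it rewrites a $-string into an expression built only from the typed expressions, str() and +. It assumes a simplified subset of the PEP's syntax ($$, $name, $name.attr, ${expr}); the names translate and interpolate are hypothetical.

```python
import re

# Assumption: simplified subset of PEP 215 syntax. Handles $$, $name,
# $name.attr and ${expr}; [index] and (call) trailers are not parsed.
_TOKEN = re.compile(
    r"\$(?:(\$)|([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)|\{([^{}]*)\})")


def translate(template):
    """Return Python source equivalent to the $-string `template`.

    The result contains only (a) expressions typed in the template,
    (b) str() calls, and (c) + applied to strings.
    """
    parts, pos = [], 0
    for m in _TOKEN.finditer(template):
        if m.start() > pos:
            parts.append(repr(template[pos:m.start()]))  # literal text
        escaped, name, expr = m.groups()
        if escaped:
            parts.append(repr("$"))                      # $$ -> literal $
        else:
            parts.append("str(%s)" % (name or expr))     # typed expression
        pos = m.end()
    if pos < len(template):
        parts.append(repr(template[pos:]))
    return " + ".join(parts) or "''"


def interpolate(template, namespace):
    """Evaluate the translation of a programmer-written template.

    Only `template` is ever parsed as code. Values in `namespace` are
    passed to str() and concatenated; they are never re-scanned for $.
    """
    return eval(translate(template), {"__builtins__": {"str": str}}, namespace)


if __name__ == "__main__":
    # Constructed sample: the value of `name` looks like a $-expression.
    ns = {"name": "${secret}", "secret": "hunter2", "qty": 3, "price": 2}
    print(translate("Hi $name, total: ${qty * price} $$"))
    print(interpolate("Hi $name, total: ${qty * price} $$", ns))
```

The risk sits where it does for any eval-like feature: a template string that itself comes from untrusted input is code, while untrusted values substituted into a literal template are only data.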


