Steven Majewski wrote:
> On Mon, 14 Jan 2002, Jason Orendorff wrote:
> > Steven Majewski wrote:
> > > On Mon, 14 Jan 2002, Jason Orendorff wrote:
> > > > Would someone please explain to me what is seen as a "possible
> > > > security issue" in PEP 215? Can anyone propose some real-life
> > > > situation where PEP 215 causes a vulnerability, and the
> > > > corresponding % syntax doesn't?
> > >
> > > Do you mean the current '%' or my expanded example ?
> >
> > I mean the current %.
> >
> > Well?
> >
>
> Paul is the one who (rightly) brought up the issue of security
> with respect to double evaluated strings. But in addition, he
> seemed to be saying that you can do more with a compile time
> test than you can with a runtime test. I disagree with that.
>
> I think, for the same semantics, you get the same security
> issues. I think it's very similar to the compile time type
> checking vs. dynamic typing problem. (In fact, I think it
> reduces to the same problem.)
>
> There are clearly some advantages to doing things compile time,
> but you don't get more security without more restriction.

As long as this "security issue" thread dies, I'm happy.

## Jason Orendorff http://www.jorendorff.com/