On 1/12/07, glyph at divmod.com <glyph at divmod.com> wrote:
> On 12:37 am, brett at python.org wrote:
>
> >For security reasons I might be asking for file's constructor to be
> >removed from the type for Python source code at some point (it can be
> >relocated to an extension module if desired). By forcing people to go
> >through open() to create a file object you can more easily control
> >read/write access to the file system (assuming the proper importation
> >of extension modules has been blocked). Not removing the constructor
> >allows any code that has been explicitly given a file object but not
> >open() to just get the class and call the constructor to open a new
> >file.
>
> This is a general problem with type access. Secure versions of any type
> should not allow access to the type period. It is hardly unique to files,
> and is not limited to constructors either. How do you, e.g., allow a
> restricted piece of code write access to only a specified area of the
> filesystem?
>

Wrapper around open() that does proper checking of its arguments.

I will be discussing my security stuff at PyCon if you are attending and
are interested.

-Brett
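
One way to write the wrapper around open() named in the reply above, as an added example that is not code from this thread or from any Python release. The names make_restricted_open, AccessDenied and demo, and the temporary-directory scenario, are constructed for illustration; the wrapper confines all access to one directory and does not address the thread's separate point about reaching a constructor through an object's type.

```python
import os
import tempfile

class AccessDenied(Exception):
    """Raised when a path or mode falls outside the policy."""

def make_restricted_open(write_root):
    """Return an open()-like function that can only touch write_root."""
    root = os.path.realpath(write_root)

    def restricted_open(path, mode="r", encoding=None):
        # Path names only: an integer file descriptor would skip the check,
        # and extra open() arguments such as opener= are not forwarded.
        if not isinstance(path, (str, os.PathLike)):
            raise AccessDenied("only path names are accepted")
        if not mode or set(mode) - set("rwaxbt+"):
            raise AccessDenied("unsupported mode %r" % (mode,))
        # Resolve ".." and symlinks before deciding, then compare whole
        # path components so "/tmp/box-evil" is not inside "/tmp/box".
        real = os.path.realpath(path)
        if os.path.commonpath([real, root]) != root:
            raise AccessDenied("%s is outside %s" % (path, root))
        return open(real, mode, encoding=encoding)

    return restricted_open

def demo():
    """Constructed scenario: a sandbox directory beside a file it must not reach."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        box = os.path.join(tmp, "box")
        os.mkdir(box)
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as f:
            f.write("keep out")
        os.symlink(secret, os.path.join(box, "link"))
        ropen = make_restricted_open(box)
        with ropen(os.path.join(box, "ok.txt"), "w") as f:
            f.write("allowed")
        results["inside"] = os.path.exists(os.path.join(box, "ok.txt"))
        for name, p in [("dotdot", os.path.join(box, "..", "secret.txt")),
                        ("symlink", os.path.join(box, "link")),
                        ("fd", 0)]:
            try:
                ropen(p, "w").close()
                results[name] = "opened"
            except AccessDenied:
                results[name] = "denied"
    return results
```

The path check and the open() call are separate steps, so the wrapper assumes the restricted code has no other way to create symlinks or rename directories under the root between them.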