Showing content from https://mail.python.org/pipermail/python-dev/2011-March/110215.html below:

[Python-Dev] Security implications of pep 383

Michael Foord michael at voidspace.org.uk
Tue Mar 29 20:23:25 CEST 2011
Hey all,

Not sure how real the security risk is here:

     http://blog.omega-prime.co.uk/?p=107

Basically he is saying that if you store a list of blacklisted files
with names encoded in big-5 (or some other non-utf8 compatible encoding) 
if those names are passed at the command line, or otherwise read in and 
decoded from an assumed-utf8 source with surrogate escaping, the 
surrogate escape decoded names will not match the properly decoded 
blacklisted names.

All the best,

Michael Foord

-- 
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html
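
The mismatch described in the message above, as an added example that is not part of the original post: a Big5-encoded name decoded as assumed UTF-8 with `surrogateescape` fails a string comparison against the properly decoded blacklist, while a byte-level comparison still matches. The file name, the constants and every function name here are constructed for illustration.

```python
# Added illustration of the PEP 383 blacklist mismatch; all names are hypothetical.
BLACKLIST_ENCODING = "big5"   # assumption: encoding the blacklist was stored in
ASSUMED_ENCODING = "utf-8"    # assumption: encoding used to decode argv / file names

# Constructed sample: the raw bytes of one blacklisted file name.
RAW_NAME = "中文.txt".encode(BLACKLIST_ENCODING)


def load_blacklist(raw):
    """Decode a newline-separated blacklist with its real encoding."""
    return {line.decode(BLACKLIST_ENCODING) for line in raw.splitlines() if line}


def decode_like_argv(raw_name):
    """Decode bytes the way PEP 383 does when the assumed encoding is wrong."""
    return raw_name.decode(ASSUMED_ENCODING, "surrogateescape")


def has_surrogate_escapes(name):
    """True if the string carries undecodable bytes as lone surrogates."""
    return any(0xDC80 <= ord(ch) <= 0xDCFF for ch in name)


def naive_is_blacklisted(name, blacklist):
    """String comparison: misses names that were decoded with the wrong codec."""
    return name in blacklist


def bytes_is_blacklisted(name, blacklist):
    """Recover the original bytes and compare at the byte level instead."""
    raw = name.encode(ASSUMED_ENCODING, "surrogateescape")
    return raw in {entry.encode(BLACKLIST_ENCODING) for entry in blacklist}


if __name__ == "__main__":
    blacklist = load_blacklist(RAW_NAME + b"\n")
    name = decode_like_argv(RAW_NAME)
    print("decoded name:", ascii(name))
    print("has surrogate escapes:", has_surrogate_escapes(name))
    print("string comparison match:", naive_is_blacklisted(name, blacklist))
    print("byte comparison match:", bytes_is_blacklisted(name, blacklist))
```
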
