On 1/5/2012 11:49 AM, Tres Seaver wrote:
> On 01/05/2012 02:14 PM, Glenn Linderman wrote:
>> 1) the security problem is not in CPython, but rather in web servers
>> that use dict inappropriately.
> Most webapp vulnerabilities are due to their use of Python's cgi module,
> which uses a dict to hold the form / query string data being supplied
> by untrusted external users.

Yes, I understand that (and have some such web apps in production). In fact, I pointed out urllib.parse and cgi as specific modules for which a proposed fix could be made without impacting the Python hash function.