On 06/25/2010 07:49 PM, Lawrence D'Oliveiro wrote:
> In the Python example, that would be something like
>     os.popen2(['zcat', '-f', '--', untrusted]).
> That’s what I mean. Why do people consider input sanitization
> so hard?

It's hard because it requires thinking. Sadly, many of the
people I know who call themselves programmers couldn't code their
way out of a paper bag, let alone think logically about the
security implications of their code.[1]
-tkc
[1] much of which ends up being cargo-cult programming,
cut-n-paste'd from Google search-results.
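
Added example, not part of the original thread: the quoted call passes the untrusted name as one element of an argument list, with "--" in front of it. The sketch below shows what each of those two choices buys, using subprocess.run (os.popen2 no longer exists in Python 3). It assumes a POSIX shell; the child process is a stand-in for zcat that only prints its arguments, and the file names are constructed.

```python
import getopt
import shlex
import subprocess
import sys

# Stand-in for zcat (assumption): a child that prints each argument it receives.
CHILD = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def run_argv(untrusted):
    """List form: no shell is involved, the name arrives as exactly one argument."""
    out = subprocess.run(CHILD + ["-f", "--", untrusted],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_shell(untrusted):
    """String form, for contrast: /bin/sh re-parses the name before the child runs."""
    cmd = shlex.join(CHILD) + " -f -- " + untrusted
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def operands(args):
    """Parse args the way a getopt-based tool with a single flag (-f) would."""
    try:
        return getopt.getopt(args, "f")[1]
    except getopt.GetoptError:
        return None  # the name was taken for an unknown option


# Constructed sample inputs.
NAME_WITH_METACHARS = "report.gz; echo INJECTED"
NAME_WITH_DASH = "-x.gz"

if __name__ == "__main__":
    print(run_argv(NAME_WITH_METACHARS))           # name stays one argument
    print(run_shell(NAME_WITH_METACHARS))          # shell splits it and runs echo
    print(operands(["-f", "--", NAME_WITH_DASH]))  # "--" keeps it a file name
    print(operands(["-f", NAME_WITH_DASH]))        # without "--" it is an option
```

When a shell string cannot be avoided, shlex.quote(untrusted) is the standard-library way to keep the name a single word.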