On Sun, Jan 15, 2012 at 11:03 PM, Bryan <bryanjugglercryptograp...@yahoo.com> wrote: > Chris Angelico wrote: >> Suggestion: Create a subclass of dict, the SecureDict or something, >> ... there's no point adding extra load to every >> name lookup just because of a security issue in an extremely narrow >> situation. > > That seemingly "extremely narrow situation" turns out to be wide as > Montana. Maybe Siberia. Does your program take input? Does it accept a > format that could possibly be downloaded from a malicious site on the > Internet? Does your market include users who occasionally make > mistakes? If not, enjoy your utter irrelevance. If so, > congratulations: you write Internet software.
Yes, but in that "Internet software", there will only be a small number of dictionaries that an attacker can stuff with keys (GET/POST data, headers, cookies, etc, and anything derived therefrom); compare the huge number of dictionaries that exist elsewhere in your Python program. Adding load to dictionaries will add load to a huge number of lookups that can never come under attack. However, since posting that I've read the entire thread on the python-dev archive. (It is, I might mention, a LOT of text.) A number of suggestions and arguments are put forth, including a subclassing notion similar to my postulation, and the same point is raised: that app/framework developers won't secure their apps. Other options are also offered (personally, I'm liking the one where an exception is raised if something collides with too many keys - current suggestion 1000, although it could possibly work well with something that scales with the dictionary size), and I'm sure that something will be done that's a lot smarter than one quick idea spun off in response to a separate query. So, I retract this idea :) ChrisA -- http://mail.python.org/mailman/listinfo/python-list
