Mike Meyer <[EMAIL PROTECTED]> writes:
> > Privilege separation is considered a good coding practice. How does
> > Python help it?
>
> With conventions and name mangling. Which are only slightly less
> effective than the C++/Java technique for doing the same thing.

That's not what privilege separation means. It means that the privileged objects stay secure even when the unprivileged part of the program is completely controlled by an attacker. It's not used enough. It's typically done with separate processes and maybe separate user accounts:

  http://plastictree.net/articles/privsep/ar01s02.html

and in the case of host-security modules (used in banking), it's done with separate hardware. Java (but not C++) can do it with private variables and so forth (applet security depends on that). It's a reasonable style to use in any program that uses files, sockets, etc., and has to cope with possibly-malicious data.

> I was going to suggest Jython as a better bet for getting something
> rexec-like to work.

Yeah, that's the thing, we should not think of Python as meaning one particular implementation.
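
The separate-process form of privilege separation described in the message above, as an added example that is not part of the original post: a forked monitor process owns an HMAC key and answers only sign and verify requests over a socket pair, so the worker that handles untrusted data never has the key in its address space. The names `start_monitor`, `request` and `MAX_MSG` and the one-byte opcodes are hypothetical, and the step of moving the worker to a separate user account is left as a comment because it requires root.

```python
import hashlib, hmac, os, socket, struct

MAX_MSG = 4096  # monitor refuses larger requests from the worker

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed")
        buf += chunk
    return buf

def _monitor(sock):
    """Privileged side: owns the key, answers only SIGN (S) and VERIFY (V)."""
    key = os.urandom(32)  # created after fork, so the worker never holds a copy
    try:
        while True:
            op, n = struct.unpack("!cI", _recv_exact(sock, 5))
            if op not in (b"S", b"V") or n > MAX_MSG:
                sock.sendall(b"E")  # no other operation exists; stop serving
                return
            body = _recv_exact(sock, n)
            if op == b"S":
                sock.sendall(b"T" + hmac.new(key, body, hashlib.sha256).digest())
            else:  # VERIFY: body is tag || message
                want = hmac.new(key, body[32:], hashlib.sha256).digest()
                sock.sendall(b"Y" if hmac.compare_digest(body[:32], want) else b"N")
    except EOFError:
        pass  # worker closed its end

def start_monitor():
    """Fork the monitor; the caller continues as the unprivileged worker."""
    worker_end, monitor_end = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        worker_end.close()
        try:
            _monitor(monitor_end)
        finally:
            os._exit(0)
    monitor_end.close()
    # A deployed worker would drop to its own account here (os.setgid, os.setuid).
    return worker_end, pid

def request(sock, op, body):
    """Worker-side call: returns a 32-byte tag for SIGN, else a status byte."""
    sock.sendall(struct.pack("!cI", op, len(body)) + body)
    status = _recv_exact(sock, 1)
    return _recv_exact(sock, 32) if status == b"T" else status
```

Even if the worker is fully controlled by an attacker, it can ask for tags over messages of its choosing but has no request that returns the key.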