"Michael Tobis" <[EMAIL PROTECTED]> writes: > So what is the scoop? Why does Guido say there is no such thing as a > secure Python, and (as is generally reasonable) presuming he is correct > on the matter, how can these sites work safely?
"Security is a process, not a product." There's no such thing as "a secure foo", in absolute terms. One can point to flaws in non-foo and show how foo avoids those flaws; one can possibly even defend a claim that "foo is more secure than bar". But to state "there is no such thing as a secure foo" simply points out that it is always possible to be "more secure", which is an ongoing process of improvement that can never be complete. Security is also not an absolute good. It's a truism that measures which prevent illegitimate activity also incrementally make legitimate activity more onerous. The real trick is to maximise the one and minimise the other. The tradeoff can never be complete or perfect, since everyone's definition of the right tradeoff is different and constantly evolving. Security is also not a single dimension. Physical security, personnel security, network security, data security, risk management, etc cetera; all these are areas that have their own set of security versus accessibility tradeoffs. In this light, the process of Python security must be ongoing; if it's not, it's regressing. This doesn't mean Python is "not secure", or "not safe"; those are absolutes again, and they don't apply. Sites can operate securely by being aware of the security ramifications of their infrastructure decisions, and being aware of security issues that apply to anything they do. To pretend that security can be obtained by getting hold of a "secure programming language" is a delusion. -- \ "One thing vampire children have to be taught early on is, | `\ don't run with a wooden stake." -- Jack Handey | _o__) | Ben Finney -- http://mail.python.org/mailman/listinfo/python-list
