Am Wed, 20 Apr 2011 19:26:44 +1000
schrieb Chris Angelico :
> Yes, but the other half of the issue is that you have to treat
> anything that comes over the network as "user input", even if you
> think it's from your own program that you control.
Sure.
> Buffer overruns can happen in all sorts
On Wed, Apr 20, 2011 at 7:17 PM, Bastian Ballmann wrote:
> Well you forgot to escape ; and \ but this seems to slide into OT ;)
The semicolon doesn't need to be escaped in a quoted string, and the
backslash does only if it's the escape character. The
string-safetifier function that I used with DB
Am Wed, 20 Apr 2011 10:25:14 +0200
schrieb Thomas Rachel
:
> It depends on what the program does with the input. If it treats it
> appropriately, nothing can happen.
Yes, but the question seems to be what is appropriately.
> What do yu want with filters here? Not filtering is appropriate
> ag
Am 20.04.2011 09:34, schrieb Bastian Ballmann:
No system is totally secure. You can _always_ poke around if a program
uses user input.
It depends on what the program does with the input. If it treats it
appropriately, nothing can happen.
For example one can totally own a complete computer
Am Wed, 20 Apr 2011 16:59:19 +1000
schrieb Chris Angelico :
> Even public/private key systems won't
> work here; someone could get hold of your client and its private key,
> and poof.
Oh yeah but than all kinds of trusted computing wont work. Sure
one can see it on the net these days looking at
On Wed, Apr 20, 2011 at 4:44 PM, Bastian Ballmann wrote:
> Yes pickle is like eval, but that doesnt mean that one should never
> ever use it over a socket connection.
> What about ssl sockets where client and server authenticate each other?
> Or you encrypt the pickle dump with symmetric encryptio
Am Tue, 19 Apr 2011 19:28:50 -0700 (PDT)
schrieb Jean-Paul Calderone :
> It is completely insecure. Do not use pickle and
> sockets together.
Yes pickle is like eval, but that doesnt mean that one should never
ever use it over a socket connection.
What about ssl sockets where client and server
On Apr 19, 6:27 pm, Roger Alexander wrote:
> Thanks everybody, got it working.
>
> I appreciate the help!
>
> Roger.
It's too bad none of the other respondents pointed out to you that you
_shouldn't do this_! Pickle is not suitable for use over the network
like this. Your server accepts arbitr
Thanks everybody, got it working.
I appreciate the help!
Roger.
--
http://mail.python.org/mailman/listinfo/python-list
On Wed, Apr 20, 2011 at 5:30 AM, Dan Stromberg wrote:
> I played around with it until something worked, and ended up with the
> below. The most significant change was probably using sc.makefile
> instead of s.makefile in the server...
Oh! I didn't notice that in the OP. Yep, that would do it!
C
On Tue, Apr 19, 2011 at 11:53 AM, Roger Alexander wrote:
> Hi,
>
> I'm trying to understand how to pickle Python objects over a TCP
> socket.
>
> In the example below (based on code from Foundations of Python Network
> Programming), a client creates a dictionary (lines 34-38) and uses
> pickle.dum
On Wed, Apr 20, 2011 at 4:53 AM, Roger Alexander wrote:
> Hi,
>
> I'm trying to understand how to pickle Python objects over a TCP
> socket.
>
> In the example below (based on code from Foundations of Python Network
> Programming), a client creates a dictionary (lines 34-38) and uses
> pickle.dump
On Tue, Apr 19, 2011 at 11:53 AM, Roger Alexander wrote:
> Hi,
>
> I'm trying to understand how to pickle Python objects over a TCP
> socket.
>
> In the example below (based on code from Foundations of Python Network
> Programming), a client creates a dictionary (lines 34-38) and uses
> pickle.dum
Hi,
I'm trying to understand how to pickle Python objects over a TCP
socket.
In the example below (based on code from Foundations of Python Network
Programming), a client creates a dictionary (lines 34-38) and uses
pickle.dump at line 42 to write the pickled object using file handle
make from a s
14 matches
Mail list logo
