On 06/28/18 16:44, Steven D'Aprano wrote:
I agree with you that it's a bad idea.
Aside from the little fact that you described concerns about using Python
code for settings as "silly".
Umm, no. I said that worrying about arbitrary code execution in an
interpreted language seemed silly.
On Thu, 28 Jun 2018 10:58:36 -0700, Jim Lee wrote:
> On 06/28/18 07:30, Grant Edwards wrote:
>> I still maintain it's a bad idea to run arbitrary code found in
>> user-edited config files.
>>
>> There may be cases where somebody has figured out how to muck with a
>> config file that's shared among
On 06/28/18 07:30, Grant Edwards wrote:
I still maintain it's a bad idea to run arbitrary code found in
user-edited config files.
There may be cases where somebody has figured out how to muck with a
config file that's shared among multiple users, or has tricked
somebody into including somethin
On 06/28/18 00:46, Steven D'Aprano wrote:
Yes, attacks by trusted insiders are the hardest to defend against.
Betrayal of trust sucks. Trusted users with sufficient privileges could
just modify the source code of your application or of Python itself. They
could also attack your system in a tho
On 2018-06-28, Steven D'Aprano wrote:
> So why give them the ability to escalate their privilege to that of
> your application (which probably can do lots of things they can't
> do) by directly executing Python code they supply?
To be fair, that situation isn't common. The vast majority of
appl
On Wed, 27 Jun 2018 16:09:09 -0700, Jim Lee wrote:
> On 06/27/18 15:19, Steven D'Aprano wrote:
>> On Wed, 27 Jun 2018 12:15:23 -0700, Jim Lee wrote:
>>
>>> It seems a bit silly to me to worry about arbitrary code
>>> execution in
>>> an interpreted language like Python whose default runtim
On 06/27/18 15:19, Steven D'Aprano wrote:
On Wed, 27 Jun 2018 12:15:23 -0700, Jim Lee wrote:
It seems a bit silly to me to worry about arbitrary code execution
in
an interpreted language like Python whose default runtime execution
method is to parse the source code directly. An attac
On Wed, 27 Jun 2018 12:15:23 -0700, Jim Lee wrote:
> It seems a bit silly to me to worry about arbitrary code execution
> in
> an interpreted language like Python whose default runtime execution
> method is to parse the source code directly. An attacker would be far
> more likely to simply
I think variables also in the case of
PORT = 12345
Abdur-Rahmaan Janhangeer
https://github.com/Abdur-rahmaanJ
And it doesn't require that the end user have any knowledge of Python
> syntax or semantics.
>
--
https://mail.python.org/mailman/listinfo/python-list
On 2018-06-27, Jim Lee wrote:
> It seems a bit silly to me to worry about arbitrary code
> execution in an interpreted language like Python whose default
> runtime execution method is to parse the source code directly.
Maybe it's not a deliberate attack. Good application design is also
about
On 06/27/2018 12:15 PM, Jim Lee wrote:
On 06/27/18 11:45, Abdur-Rahmaan Janhangeer wrote:
and that closes it,
thanks !!!
Abdur-Rahmaan Janhangeer
https://github.com/Abdur-rahmaanJ
Importing variables from a file is dangerous because it can execute
arbitrary code. It should never be done w
On 06/27/18 11:45, Abdur-Rahmaan Janhangeer wrote:
and that closes it,
thanks !!!
Abdur-Rahmaan Janhangeer
https://github.com/Abdur-rahmaanJ
Importing variables from a file is dangerous because it can execute
arbitrary code. It should never be done with files provided by the
user.
Using c
and that closes it,
thanks !!!
Abdur-Rahmaan Janhangeer
https://github.com/Abdur-rahmaanJ
Importing variables from a file is dangerous because it can execute
> arbitrary code. It should never be done with files provided by the
> user.
>
> Using configparser is far, far safer.
>
--
https://mail
On 2018-06-27, Abdur-Rahmaan Janhangeer wrote:
> what is more recommended and why? using configparser for settings or import
> variables from file?
Importing variables from a file is dangerous because it can execute
arbitrary code. It should never be done with files provided by the
user.
Using
what is more recommended and why? using configparser for settings or import
variables from file?
thanks,
Abdur-Rahmaan Janhangeer
https://github.com/Abdur-rahmaanJ
--
https://mail.python.org/mailman/listinfo/python-list
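
The replies above contrast importing a settings file as Python with reading it through configparser. As an added example (not code from any poster in this thread), the code below loads one constructed file both ways; the names USER_SETTINGS, load_as_python and load_as_data and the WORKERS key are assumptions made for the illustration.

```python
import configparser
import os

# Constructed sample of a user-edited settings file. The WORKERS line is a
# harmless stand-in for any expression that a Python-based loader would run.
USER_SETTINGS = "PORT = 12345\nWORKERS = __import__('os').getpid()\n"


def load_as_python(text):
    """Settings-as-code: what 'import settings' effectively does to the file."""
    namespace = {}
    exec(compile(text, "settings.py", "exec"), namespace)  # runs every line
    return {k: v for k, v in namespace.items() if k.isupper()}


def load_as_data(text):
    """Settings-as-data: configparser only splits keys from value strings."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case so PORT stays PORT
    parser.read_string("[settings]\n" + text)  # file has no section header
    section = parser["settings"]
    settings, rejected = {}, {}
    for key in ("PORT", "WORKERS"):  # allow-list of expected integer keys
        try:
            settings[key] = section.getint(key)
        except ValueError:
            rejected[key] = section[key]  # inert text, never evaluated
    return settings, rejected


if __name__ == "__main__":
    print(load_as_python(USER_SETTINGS))
    print(load_as_data(USER_SETTINGS))
```

Loaded as Python, WORKERS comes back as the process ID because the expression ran with the application's privileges; loaded through configparser, the same line stays a string and fails integer validation.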