bignose+hates-spam at benfinney.id.au
Thu Mar 30 08:06:48 CEST 2006
"Michael Tobis" <mtobis at gmail.com> writes:
> So what is the scoop? Why does Guido say there is no such thing as a
> secure Python, and (as is generally reasonable) presuming he is correct
> on the matter, how can these sites work safely?
"Security is a process, not a product."
There's no such thing as "a secure foo", in absolute terms. One can
point to flaws in non-foo and show how foo avoids those flaws; one can
possibly even defend a claim that "foo is more secure than bar". But
to state "there is no such thing as a secure foo" simply points out
that it is always possible to be "more secure", which is an ongoing
process of improvement that can never be complete.
Security is also not an absolute good. It's a truism that measures
which prevent illegitimate activity also incrementally make legitimate
activity more onerous. The real trick is to maximise the one and
minimise the other. The tradeoff can never be complete or perfect,
since everyone's definition of the right tradeoff is different and
Security is also not a single dimension. Physical security, personnel
security, network security, data security, risk management, etc
cetera; all these are areas that have their own set of security versus
In this light, the process of Python security must be ongoing; if it's
not, it's regressing. This doesn't mean Python is "not secure", or
"not safe"; those are absolutes again, and they don't apply.
Sites can operate securely by being aware of the security
ramifications of their infrastructure decisions, and being aware of
security issues that apply to anything they do. To pretend that
security can be obtained by getting hold of a "secure programming
language" is a delusion.
\ "One thing vampire children have to be taught early on is, |
`\ don't run with a wooden stake." -- Jack Handey |
More information about the Python-list