[Catalog-sig] Attempts to hack pypi?
"Martin v. Löwis"
martin at v.loewis.de
Fri Dec 2 23:42:45 CET 2011
> ...which looks a lot like someone trying to hack information from the
> PyPI server, so thought I'd let you know...
People are encouraged to review the code, but I'm fairly sure that these
attempts are futile. ISTM that this is a generic attack to try to fill
out parameters that remotely look like file names with what the attacker
thinks might also be valid filenames.
You can find the :action processing in inner_run of
https://svn.python.org/packages/trunk/pypi/webui.py
Regards,
Martin
More information about the Catalog-SIG
mailing list