[Python-3000] Changing the import machinery; was: Re: [Python-Dev] setuptools in 2.5.

Jan Claeys lists at janc.be
Thu Apr 20 18:06:55 CEST 2006


On Thu, 20-04-2006 at 16:27 +0100, Guido van Rossum wrote:
> On 4/20/06, Walter Dörwald <walter at livinglogic.de> wrote:
> > Guido van Rossum wrote:
> > > Importing from remote URLs is a non-starter from a security POV; and
> > > using HTTPS would be too slow. For code that's known to reside
> > > remotely, a better approach is to use setuptools to install that code
> > > once and for all.
> >
> > I don't see how that changes anything from a security POV. You have to
> > trust the source in both cases.
> 
> With http, even if I trusted the source, I still shouldn't trust that
> the data I get from the URL actually came from the source. With HTTPS,
> at least man-in-the-middle attacks should be thwarted.

A man-in-the-middle attack and other ways to "inject" a different module
than intended by the author are also possible with the current default
filesystem-based imports, so I don't think that's a good argument
against http-imports (or other similar extensions to import).  In both
cases you need a way to check & control the whole chain involved
(network, OS, Python, ...) to make 100% sure every step is safe, that
you really import what you intended to import...


-- 
Jan Claeys
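
Added example, not part of the original message and not Python's own import machinery: one way to check what gets imported independently of the delivery channel is to pin a SHA-256 digest of the module source and verify the exact bytes before executing them. The names `load_pinned`, `IntegrityError` and `demo` are hypothetical, the sample sources are constructed, and the "http" body is simulated in memory so the block runs offline.

```python
import hashlib
import os
import tempfile
import types


class IntegrityError(ImportError):
    """Raised when module source does not match its pinned digest."""


def load_pinned(name, source, pinned_sha256, origin):
    """Run module source only if its SHA-256 equals the pinned digest.

    `source` is the exact byte string that gets executed, so there is no
    gap between the check and the use, whichever channel delivered it.
    """
    actual = hashlib.sha256(source).hexdigest()
    if actual != pinned_sha256.lower():
        raise IntegrityError(f"{name}: digest mismatch for {origin}")
    module = types.ModuleType(name)
    module.__file__ = origin
    exec(compile(source, origin, "exec"), module.__dict__)
    return module


# Constructed sample data: the author's module and a modified copy.
AUTHOR_SOURCE = b"def greet():\n    return 'hello'\n"
MODIFIED_SOURCE = AUTHOR_SOURCE + b"def greet():\n    return 'injected'\n"
# Assumption: the pin reaches the importer over a channel it already trusts.
PIN = hashlib.sha256(AUTHOR_SOURCE).hexdigest()


def demo():
    """Return {"channel/label": outcome} for both sources on both channels."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, data in (("good", AUTHOR_SOURCE), ("modified", MODIFIED_SOURCE)):
            path = os.path.join(tmp, f"mod_{label}.py")
            with open(path, "wb") as fh:
                fh.write(data)
            with open(path, "rb") as fh:
                channels = {"file": fh.read(), "http": data}  # "http" is simulated
            for channel, body in channels.items():
                key = f"{channel}/{label}"
                try:
                    outcomes[key] = load_pinned("mod", body, PIN, channel).greet()
                except IntegrityError:
                    outcomes[key] = "rejected"
    return outcomes
```

The digest only moves the trust question to how the pin itself was obtained and stored; it does not cover the interpreter or OS layers of the chain.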


