[Python-3000] Reminder: Py3k PEPs due by April
Brett Cannon
brett at python.org
Tue Apr 10 21:25:29 CEST 2007
On 4/10/07, Phillip J. Eby <pje at telecommunity.com> wrote:
>
> At 12:03 PM 4/10/2007 -0700, Brett Cannon wrote:
> >2. Remove file.__init__, code.__init__, and object.__subclasses__ for
> >security reasons.
>
> The __subclasses__ method is useful -- even more so in 3.x than in 2.x,
> because in 3.x there are no classic classes.
>
> I was planning to make use of this in my generic function libraries to
> allow automatic checking for completeness and ambiguity of a ruleset,
> given
> the classes that are currently defined. Currently, this is limited by the
> inability to access classic classes' subclasses, but in 3.x __subclasses__
> is an ideal way to locate active classes.
>
>
The problem with it, though, is it does expose *so* much. If I have a class
defined that is not exposed within the interpreter but is live in the
process, I can still get to it with this method. That's a problem if the
class has a security component to it where there is a class attribute that
should not be exposed within the interpreter.
This can be discussed more if/when I get my security paper out in the public
and get a PEP written to actually push for the removals.
-Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-3000/attachments/20070410/be95fe46/attachment.html
More information about the Python-3000
mailing list