[Python-Dev] Divorcing str and unicode (no more implicitconversions).
"Martin v. Löwis"
martin at v.loewis.de
Tue Oct 25 23:05:28 CEST 2005
Josiah Carlson wrote:
> It seems that removing this restriction may cause serious issues, at
> least in the case when using cyrillic characters in names. See recent
> security issues in regards to web addresses in web browsers for the
> confusion (and/or name errors) that could result in their use.
That impression is deceiving. We are talking about source code here;
people type in identifiers explicitly rather than receiving them
through linking, and they scope identifiers (by module or object).
If somebody manages to get look-alike identifiers into your Python
libraries, you have bigger problems than these look-alikes: anybody
capable of doing so could just as well replace the real thing in
the first place.
As always in computer security: define your threat model before
reasoning about the risks.
More information about the Python-Dev