Tainting and the Bugtraq Treatment
Ng Pheng Siong
ngps at madcap.dyn.ml.org
Wed Sep 1 10:49:07 EDT 1999
Hello, list,

I used to use Perl quite a bit, and whenever I wrote a Perl program
that may be fed input by other people/systems, I used -T. Admittedly,
I've not studied Perl's implementation of tainting very hard.

I'm sure these must be FAQs: Is tainting a good idea for Python?
(I think it is). And how to go about doing it (or better)?

Also, I believe it will be worth the effort to give Python the Bugtraq
Treatment, e.g., poking the implementation every which way with all
sorts of funny input. Surely, the snake will emerge stronger. (Or dead.)
Has anyone done work along these lines?

I am developing M2Crypto, which is Python + OpenSSL + Swig.
I'm working on the SSL part of OpenSSL and I now have an SSL.Socket
interface and a (Medusa-based) https_server working.

Python simply makes writing such things enjoyable. However, I feel that
https servers (and other cryptographic applications) written in Python
are not worth much unless they have some defence against the typical
crackerpunk techniques.

Cheers.
--
Ng Pheng Siong <ngps at post1.com>
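
An added illustration, not part of the original post and not code from M2Crypto or Medusa: a library-level sketch of Perl-style tainting in Python, where external input is marked, the mark survives concatenation and slicing, and only an allow-list regex match removes it. The names `Tainted`, `untaint` and `open_document` are hypothetical, and operations not overridden here (for example `%` formatting or `str.join`) would silently drop the mark, which is why Perl does this inside the interpreter.

```python
import re


class TaintError(Exception):
    """Raised when tainted data is rejected or reaches a sensitive operation."""


class Tainted(str):
    """A string that came from outside the program (socket, argv, environment)."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        # Reached for: plain_str + tainted_str
        return Tainted(str.__add__(other, self))

    def __getitem__(self, key):
        # Slices and single characters of tainted data stay tainted.
        return Tainted(str.__getitem__(self, key))


def untaint(value, pattern):
    """Return a plain str only if the whole value matches an allow-list regex.

    Mirrors the Perl rule that data is untainted by passing a pattern match.
    """
    if re.fullmatch(pattern, value) is None:
        raise TaintError("value rejected by pattern %r" % pattern)
    return str(value)  # str() of a str subclass yields an exact, unmarked str


def open_document(docroot, name):
    """Hypothetical sink: builds a filesystem path, refusing tainted parts."""
    if isinstance(name, Tainted):
        raise TaintError("tainted value used in file path")
    return docroot + "/" + name


# Constructed sample inputs, as a request handler might receive them.
good_request = Tainted("index.html")
bad_request = Tainted("../../etc/passwd")
DOC_NAME = r"[A-Za-z0-9_]+\.html"  # assumed allow-list for document names
```
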