Python CGI security
Andrew Kuchling
akuchlin at mems-exchange.org
Mon Jul 3 12:33:56 EDT 2000
"E. Jordan Bojar" <bojar at speakeasy.org> writes:
> I'm interested in running a series of Python scripts via the Apache Python
> module, mostly for dynamic content but possibly for password protection as
> well. Are there security issues particular to (or common with) Python CGIs,
> in the way that buffer overflow is so common to poorly-written Perl?
Actually I'd expect that very few Perl security problems stem from
buffer overflows, but instead come from improperly screening user
input. (Taking the value of a field and blithely opening a file with
the same name, for example, which is vulnerable to values such as
../../../etc/passwd.) Similarly, while there may be buffer overflows
inside the Python interpreter that should be fixed, I'd be far more
worried about the CGI/Apache code itself.
--amk
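The file-name problem described in the reply above, as an added example that is not part of the original post: a form field used directly as a path, next to a check that resolves the path and refuses anything outside the document directory. The function names, directory layout and field values are constructed for illustration.

```python
import os
import tempfile

def open_naive(base_dir, field_value):
    """The pattern the reply warns about: the field value is used as a path as-is."""
    return os.path.join(base_dir, field_value)  # "../" segments walk out of base_dir

def resolve_checked(base_dir, field_value):
    """Resolve the requested name; refuse anything that lands outside base_dir."""
    if "\x00" in field_value:
        raise ValueError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # realpath collapses "../" segments and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, field_value))
    # commonpath compares whole components, so a sibling such as "pages-old"
    # is not mistaken for "pages" (a plain startswith() test would accept it).
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes document directory: %r" % field_value)
    return candidate

# Constructed field values, as a CGI script might receive them from a form.
SAMPLE_VALUES = ["index.txt", "sub/../index.txt", "../secret.txt",
                 "../../../etc/passwd", "/etc/passwd", "../pages-old/x.txt"]

def demo():
    """Build a throwaway directory tree and classify each sample value."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        os.mkdir(os.path.join(root, "pages-old"))
        secret = os.path.join(root, "secret.txt")
        for path, text in [(os.path.join(pages, "index.txt"), "hello"),
                           (secret, "not for visitors")]:
            with open(path, "w") as handle:
                handle.write(text)
        for value in SAMPLE_VALUES:
            try:
                resolve_checked(pages, value)
                results[value] = "allowed"
            except ValueError:
                results[value] = "rejected"
        # The unchecked join resolves to the file outside the document directory.
        naive = os.path.realpath(open_naive(pages, "../secret.txt"))
        results["naive_escapes"] = naive == os.path.realpath(secret)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```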