Serious privacy leak in Python for Windows

Don Tuttle tuttledon at hotmail.com
Wed Jan 16 06:27:19 CET 2002


"Mark Hammond"
> So, rather than to fix this hole, I think the best solution is to
> disable "safe" scripting by the Python Scripting engine.  This will mean
> ASP, WSH etc. will continue to work, but IE will refuse to execute the
> scripts.

Not quite sure what you mean.  I found that disabling "Scipt ActiveX
controls marked safe for scripting" has no effect in IE6.  The test page
http://www.computerbytesman.com/privacy/pythondirdemo.htm still works.

It took disabling "Scripting:Active Scripting" to keep IE from running the
web page's code.  This stops all scripting, not just Python.

Don






More information about the Python-list mailing list