Serious privacy leak in Python for Windows
mhammond at skippinet.com.au
Wed Jan 16 00:54:09 EST 2002
Don Tuttle wrote:
> "Mark Hammond"
>>So, rather than to fix this hole, I think the best solution is to
>>disable "safe" scripting by the Python Scripting engine. This will mean
>>ASP, WSH etc. will continue to work, but IE will refuse to execute the
> Not quite sure what you mean. I found that disabling "Scipt ActiveX
> controls marked safe for scripting" has no effect in IE6. The test page
> http://www.computerbytesman.com/privacy/pythondirdemo.htm still works.
> It took disabling "Scripting:Active Scripting" to keep IE from running the
> web page's code. This stops all scripting, not just Python.
I meant for the ActiveScripting engine to be changed to disable the
support. Until the new version is out, all you can reasonably do is
disable Python completely by running the "--unregister" command.
More information about the Python-list