[Tutor] What are security holes?

dman dsh8290 at rit.edu
Sun Jan 27 22:59:39 EST 2002


On Sun, Jan 27, 2002 at 06:33:05PM -0800, Mishre wrote:
| [snip]
| 
| > | One way around this is to use Gordon McMillan's Installer[1] to create
| > | standalone programs, which do not require Python to be installed. 
| > 
| > As I understand it, the program still requires python.  The only
| > difference is the installer has python bundled with the program so the
| > end-user doesn't (necessarily) realize that.  It is just an installer,
| > not a compiler.
| 
| Technically, yes. :)
| 
| When the interpreter is included in the result, it would prevent
| unauthorized use of the interpreter.  Unless the attacker knows that
| you are using the bundled interpreter and can access it from their
| program.  However, this would require that they know to search for it,
| how to use it from their new script and the libs that are available.

Yeah, sure.  Security through obscurity.  Reminds me of the cartoon on
the cover of the O'Reilly TCP/IP networking book ("you must be at
least this tall to storm the castle") :-).

-D

-- 

You have heard the saying that if you put a thousand monkeys in a room with a
thousand typewriters and waited long enough, eventually you would have a room
full of dead monkeys.
                                (Scott Adams - The Dilbert principle)




