web security question.
Tim Peters
tim.one at comcast.net
Sun May 16 18:42:47 EDT 2004
[Christos TZOTZIOY Georgiou]
> This message is related:
>
>
<http://groups.google.com/groups?selm=mailman.1042778911.1136.python-list%40
python.org>
>
> I didn't test if Tim's snippet produces a segfault, though.
It won't in Python 2.4, but still will in 2.3.4 (and earlier). People
*allowing* access to the buffer() builtin in Web-based code are insane,
though, and the sample code referenced requires (ab)using the buffer()
builtin. As a sane counterexample, Zope removes buffer() from the built-ins
available to Python code running under Zope.
More information about the Python-list
mailing list