Simple Python Sandbox
Roland Koebler
r.koebler at yahoo.de
Mon Aug 16 10:01:42 EDT 2010
On Sat, Aug 14, 2010 at 08:01:00PM -0700, Stephen Hansen wrote:
> > As you can see, black listing isn't the best approach here.
>
> But I have a two pronged strategy: the black list is only half of the
> equation. One, I'm blacklisting all the meta functions out of builtins.
But blacklists are *never* secure. Sorry, but you should fully understand
this before even thinking about more detailed security.
Why are you blacklisting the "known-bad" functions instead of whitelisting
the allowed ones??
regards,
Roland
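
Added example, not part of the original message or of either poster's code: a known-bad name check and a known-good syntax check run over the same expressions, to show that the denylist accepts whatever it did not anticipate while the allowlist rejects by default. The node and name lists, the denylist contents and the sample expressions are constructed assumptions.

```python
import ast

# Assumed policy for this sketch: arithmetic on numbers plus three named functions.
ALLOWED_NODES = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant, ast.Name,
                 ast.Load, ast.Call, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.USub)
ALLOWED_NAMES = {"abs": abs, "min": min, "max": max}

# Constructed denylist of "meta" builtins, in the style the quoted text describes.
DENIED_NAMES = {"eval", "exec", "compile", "__import__", "getattr", "setattr",
                "open", "globals", "locals"}


def denylist_accepts(src):
    """Known-bad check: reject only if a listed name appears."""
    tree = ast.parse(src, mode="eval")
    return not any(isinstance(n, ast.Name) and n.id in DENIED_NAMES
                   for n in ast.walk(tree))


def allowlist_accepts(src):
    """Known-good check: reject anything that is not explicitly permitted."""
    tree = ast.parse(src, mode="eval")
    for n in ast.walk(tree):
        if not isinstance(n, ALLOWED_NODES):
            return False  # attribute access, subscripts, lambdas, ** and so on
        if isinstance(n, ast.Name) and n.id not in ALLOWED_NAMES:
            return False
        if isinstance(n, ast.Constant) and type(n.value) not in (int, float):
            return False  # no strings or bytes
        if isinstance(n, ast.Call) and not isinstance(n.func, ast.Name):
            return False
    return True


def safe_eval(src):
    if not allowlist_accepts(src):
        raise ValueError("expression uses a construct outside the allowlist")
    code = compile(ast.parse(src, mode="eval"), "<expr>", "eval")
    return eval(code, {"__builtins__": {}}, dict(ALLOWED_NAMES))


if __name__ == "__main__":
    for expr in ["abs(-3) + 2*4", "(1).__class__", "vars()", "eval('1')"]:
        print(f"{expr!r}: denylist={denylist_accepts(expr)} allowlist={allowlist_accepts(expr)}")
```

The allowlist here validates a small expression grammar; it is not a general-purpose sandbox for arbitrary Python.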