Simple Python Sandbox

Roland Koebler r.koebler at yahoo.de
Mon Aug 16 16:01:42 CEST 2010


On Sat, Aug 14, 2010 at 08:01:00PM -0700, Stephen Hansen wrote:
> > As you can see, black listing isn't the best approach here.
> 
> But I have a two pronged strategy: the black list is only half of the
> equation. One, I'm blacklisting all the meta functions out of builtins.
But blacklists are *never* secure. Sorry, but you should fully understand
this before even thinking about more detailed security.

Why are you blacklisting the "known-bad" functions instead of whitelising
the allowed ones??

regards,
Roland




More information about the Python-list mailing list