Simple Python Sandbox
r.koebler at yahoo.de
Mon Aug 16 16:01:42 CEST 2010
On Sat, Aug 14, 2010 at 08:01:00PM -0700, Stephen Hansen wrote:
> > As you can see, black listing isn't the best approach here.
> But I have a two pronged strategy: the black list is only half of the
> equation. One, I'm blacklisting all the meta functions out of builtins.
But blacklists are *never* secure. Sorry, but you should fully understand
this before even thinking about more detailed security.
Why are you blacklisting the "known-bad" functions instead of whitelising
the allowed ones??
More information about the Python-list