[OT] Re: Pickling over a socket

Bastian Ballmann balle at chaostal.de
Wed Apr 20 04:59:33 EDT 2011


Am Wed, 20 Apr 2011 10:25:14 +0200
schrieb Thomas Rachel
<nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915 at spamschutz.glglgl.de>:

> It depends on what the program does with the input. If it treats it 
> appropriately, nothing can happen.

Yes, but the question seems to be what "appropriate" is.
 

> What do you want with filters here? Not filtering is appropriate
> against SQL injection, but escaping.

Escaping in strings, filtering with numbers etc.

 
> If Little Bobby Tables is really called "Robert'); DROP TABLE
> STUDENTS; --", it is wrong to reject this string - instead, all
> dangerous characters inside it must be quoted (in this case: ') and
> then it does not harm at all.

Well, you forgot to escape ; and \, but this seems to slide into OT ;)
Greets

Basti
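As an added illustration of the two points in the thread (quotes in strings are handled by letting the database driver bind the value; numbers are filtered rather than escaped), here is a small Python/sqlite3 example. It is not code from the thread; the `students` schema and the function names are constructed for this example.

```python
import sqlite3

# The "Little Bobby Tables" name quoted in the thread, used as test input.
BOBBY = "Robert'); DROP TABLE STUDENTS; --"


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database with one constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def insert_student_unsafe(conn: sqlite3.Connection, name: str) -> None:
    """String-built SQL: the quote in the name closes the literal and the rest runs as SQL."""
    conn.executescript(f"INSERT INTO students (name) VALUES ('{name}');")


def insert_student(conn: sqlite3.Connection, name: str) -> None:
    """Bound parameter: the driver passes the whole string as one value, quotes and all."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))


def student_id(raw: str) -> int:
    """Numbers are filtered, not escaped: accept only a plain decimal integer."""
    if not raw.isdecimal():
        raise ValueError(f"not a student id: {raw!r}")
    return int(raw)


def find_student(conn: sqlite3.Connection, raw_id: str):
    """Look up a name by id; the id is validated as a number, then bound."""
    row = conn.execute(
        "SELECT name FROM students WHERE id = ?", (student_id(raw_id),)
    ).fetchone()
    return row[0] if row else None


def table_exists(conn: sqlite3.Connection) -> bool:
    """True while the students table is still there."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'students'"
    ).fetchone()
    return row is not None
```

With the bound parameter the name is stored verbatim and the table survives; with the string-built statement the same input drops it.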