Pickling over a socket
Bastian Ballmann
balle at chaostal.de
Wed Apr 20 05:41:21 EDT 2011
Am Wed, 20 Apr 2011 19:26:44 +1000
schrieb Chris Angelico <rosuav at gmail.com>:
> Yes, but the other half of the issue is that you have to treat
> anything that comes over the network as "user input", even if you
> think it's from your own program that you control.
Sure.
> Buffer overruns can happen in all sorts of places; SQL injection can
> only happen where you talk to the database. And it IS just a matter of
> using a magic auto-escape function, if your library is set up right -
No. Not all data is strings.
> Not at all; just never *trust* user input. Where thou typest foo,
> someone someday will type...
I never *trust* the user *blindly* as you do with your
magic-escape-function so where do we disagree?
Greets
Basti
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20110420/437b4eef/attachment.sig>
More information about the Python-list
mailing list