[Tutor] role playing game - help needed

David Hutto smokefloat at gmail.com
Sun Dec 12 20:16:46 CET 2010


On Sat, Dec 11, 2010 at 10:39 PM, Steven D'Aprano <steve at pearwood.info> wrote:
> David Hutto wrote:
>>
>> On Sat, Dec 11, 2010 at 11:54 AM, Lie Ryan <lie.1296 at gmail.com> wrote:
>>>
>>> On 12/07/10 23:37, Robert Sjöblom wrote:
>>>>
>>>> I've been told to use input() if I know that I'll only get integers,
>>>> and raw_input() for "everything."
>>>
>>> That is a bad piece of advice. You should only use input() when you can
>>> fully trust whoever doing the input (i.e. you).
>>
>> Who uses the crap we, as noobies produce? It's pie in the sky
>> mentality. We design it because WE want it and WE(individually) use
>> it.
>
> Do you want to learn good habits or learn bad habits? I think we've seen
> plenty of evidence on this mailing list that you have little interest in
> learning good habits, but actively defend your right learn bad habits.

You define a good habit as making the code impossible for someone just
learning to use,
and you call my habits bad.. I recall you making a habit of being an
asshole(pystats should ring a bell, thanks for giving me the credit
for inspiration...bitch)



>
> There are plenty of people who do the same. They're harmless and even
> pathetically amusing as newbies, and then they get a job working as a
> professional programmer, and end up writing crappy, bug-addled code filled
> with the sort of n00b errors that we've been warning about. Bug-addled code
> with *real* consequences.

Yeah, we call that YOUR mistakes being pointed out later in life due
to experience.
20/20 hindsight is great ain't it poindexter?

>
> Command injection bugs are hugely common in the real world. At least four of
> the 25 most common security bugs in *professional* software are in my
> opinion varieties of the command injection flaw, and one of those is the
> SECOND most common flaw:
>
> SQL injection attack #2 most common
> Unrestricted upload of dangerous files #8 most common
> OS command injection #9 most common
> PHP file inclusion attack #13 most common

Injection is only relevant in non-personal code.


>
> http://cwe.mitre.org/top25/
>
> OS command injection is *exactly* the sort of thing we're warning about.
>
> Feel free to continue learning bad habits, but please stop trying to
> encourage others to do the same.

I didn't encourage a bad habit, I encouraged development of a problem
defined by the client and a solution developed byu the programmer.

The only bad habit around here, is your condescending nature.


>
>
> --
> Steven
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> To unsubscribe or change subscription options:
> http://mail.python.org/mailman/listinfo/tutor
>


More information about the Tutor mailing list