[Tutor] Security and Reliability of Python

Steven D'Aprano steve at pearwood.info
Fri Jul 25 05:18:54 CEST 2014


On Thu, Jul 24, 2014 at 10:11:41AM +0000, Allahondoum Mbaibarem wrote:

> I'm new at python and I would like to have knowledge about the Security and
> the Reliability factor of Python thank you.

Python is very reliable. The language has been around for over 20 years, 
and is in use in tens of thousands if not more sites. Python is actively 
maintained, so when problems are reported, they are dealt with promptly.

But of course it is a programming language, which means the reliability 
of code you write depends on *your* skill at programming. If you write 
buggy code, Python cannot save you from your own errors.

However, unlike low-level languages like C, you should not be able to 
cause a core dump or operating-system crash from Python code. (If you 
ever do find one of those, except for the ctypes module which is 
special, it is a bug in Python and should be reported immediately. But 
you won't: I've been using Python for over 15 years and have never 
managed to cause a core dump from Python code.)

Likewise, in Python you cannot have dangling pointer errors, buffer 
overflows, or any of those similar critical errors which lead to 
security failures. The worst you can have is an uncaught exception, 
which causes the Python process to write a traceback to standard error 
and exit.

Python is only as secure as the code *you* write. If you write code 
where you accept text from untrusted people over the Internet and then 
execute it as code using eval() or exec(), then your code is vulnerable 
to code injection attacks. The solution to this is simple: don't use 
eval() or exec() on untrusted data. There is hardly ever a need to use 
eval() or exec() in your own code. In 15 years, I've only used them a 
handful of times, and then mostly for experiments.


-- 
Steven
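As an added illustration of the eval()/exec() point in the message above (example code written for this page, not taken from Steven's post): the eval()-based parser runs whatever expression it is handed, while the ast.literal_eval()-based replacement accepts only plain literals and rejects everything else. The function names, the MAX_LEN cap and the sample inputs are assumptions made for the example.

```python
import ast

# Upper bound on accepted input; literal_eval parses the whole string
# first, so very large or deeply nested text can still exhaust memory or
# the parser's stack. The value is an arbitrary choice for this example.
MAX_LEN = 4096


def parse_setting_unsafe(text):
    # The pattern the post warns against: eval() on text from an untrusted
    # source evaluates any Python expression it contains, not just a literal.
    return eval(text)


def parse_setting(text):
    # Hardened replacement: ast.literal_eval() only builds literals
    # (strings, numbers, tuples, lists, dicts, sets, booleans, None) and
    # raises for names, calls, attribute access, operators and the like.
    if len(text) > MAX_LEN:
        raise ValueError("input too long to be a setting literal")
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        # Normalise every rejection to ValueError so callers have a single
        # failure path; truncated or malformed text arrives as SyntaxError.
        raise ValueError("not a plain literal: %r" % text[:60]) from exc


def is_safe_literal(text):
    """True if parse_setting() would accept the text, False otherwise."""
    try:
        parse_setting(text)
        return True
    except ValueError:
        return False


# Constructed sample inputs standing in for text received from a client.
SAMPLE_INPUTS = [
    '{"retries": 3, "hosts": ["a", "b"]}',   # legitimate literal
    "(1, 2.5, None, True)",                  # legitimate literal
    "1 + 2",                                  # expression, not a literal
    "__import__('os').getcwd()",              # function call: rejected
    "{'retries': 3",                          # truncated: SyntaxError
]

if __name__ == "__main__":
    for sample in SAMPLE_INPUTS:
        print("%-40r accepted=%s" % (sample, is_safe_literal(sample)))
```

Note that eval() on the same inputs would happily compute "1 + 2" and call getcwd(), which is exactly the behaviour the hardened parser refuses.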

