Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!feeder2.cambriumusenet.nl!feed.tweaknews.nl!193.201.147.84.MISMATCH!xlned.com!feeder1.xlned.com!news.netcologne.de!newsfeed-fusi2.netcologne.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Gregory Ewing Newsgroups: comp.lang.python Subject: Re: Strategy to Verify Python Program is POST'ing to a web server. Date: Sun, 19 Jun 2011 12:38:16 +1200 Lines: 16 Message-ID: <964unqFhfjU1@mid.individual.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: individual.net ERjK2fnYAyHl8VLwaQxJ6QzqktnZ1J+ZlcwfbRXWFV49lACt0r Cancel-Lock: sha1:QgePv93QMrdc9gwlTeXuV5eSpIk= User-Agent: Mozilla Thunderbird 1.0.5 (Macintosh/20050711) X-Accept-Language: en-us, en In-Reply-To: Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:7934 Michael Hrivnak wrote: > Besides, it seems that all > you've accomplished is verifying that the client can execute python > code and you've made it a bit less convenient to attack. And that only if the attacker isn't a Python programmer. If he is, he's probably writing his attack program in Python anyway. :-) Although if you were devious, and you detected that such an attack was in progress, you could lull him into a sense of security and then send him some Python code to pwn his machine... -- Greg