


Re: Pickling over a socket

From Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de>
Newsgroups comp.lang.python
Subject Re: Pickling over a socket
Date 2011-04-20 10:25 +0200
Organization A newly installed InterNetNews server
Message-ID <iom59c$d2q$1@r03.glglgl.eu> (permalink)
References (3 earlier) <7744bf8c-0df6-4dc9-a977-7234d571643f@r4g2000prm.googlegroups.com> <7a56699d-7387-49a0-8c4f-f794df43df00@22g2000prx.googlegroups.com> <20110420084431.0480aa41@chaostal.de> <BANLkTiksqp-RMyJj8UcbquiYxHZJqeSj-w@mail.gmail.com> <mailman.624.1303284884.9059.python-list@python.org>



On 20.04.2011 09:34, Bastian Ballmann wrote:

> No system is totally secure. You can _always_ poke around if a program
> uses user input.

It depends on what the program does with the input. If it treats it 
appropriately, nothing can happen.


> For example one can totally own a complete computer by
> nothing more than a single sql injection attack even if the programmer
> implemented some filters.

What do you want with filters here? It is not filtering that is appropriate 
against SQL injection, but escaping.

If Little Bobby Tables is really called "Robert'); DROP TABLE STUDENTS; 
--", it is wrong to reject this string - instead, all dangerous 
characters inside it must be quoted (in this case: ') and then it does 
no harm at all.


> Now would you say one shouldn't use sql
> databases cause of that? ;)

No, just beware of what can happen and use the dbs and its functions 
appropriately.


Thomas
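
Added example, not part of the original post: the name from the message is inserted into an in-memory SQLite table three ways, unescaped, with the quote character doubled, and with parameter binding (a technique the post does not name, shown here as the usual way to let the database driver do the quoting). All function names are hypothetical and the input is a constructed sample.

```python
import sqlite3

# Constructed sample input: the name quoted in the post, used verbatim.
BOBBY = "Robert'); DROP TABLE STUDENTS; --"

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE STUDENTS (name TEXT)")
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'STUDENTS'"
    ).fetchone()
    return row[0] == 1

def quote_literal(value):
    # SQL string-literal escaping as SQLite accepts it: double each quote.
    # Other databases have additional rules, so prefer the driver's binding.
    return "'" + value.replace("'", "''") + "'"

def insert_unescaped(db, name):
    # Vulnerable on purpose: the name becomes part of the SQL text.
    db.executescript("INSERT INTO STUDENTS VALUES ('%s');" % name)

def insert_escaped(db, name):
    # Same string building, but the quote inside the name is escaped.
    db.executescript("INSERT INTO STUDENTS VALUES (%s);" % quote_literal(name))

def insert_bound(db, name):
    # Parameter binding: the value is never parsed as SQL at all.
    db.execute("INSERT INTO STUDENTS VALUES (?)", (name,))

def demo():
    results = {}
    db = new_db()
    insert_unescaped(db, BOBBY)
    results["unescaped_table_survives"] = table_exists(db)
    for label, insert in (("escaped", insert_escaped), ("bound", insert_bound)):
        db = new_db()
        insert(db, BOBBY)
        results[label] = db.execute("SELECT name FROM STUDENTS").fetchall()
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In both safe variants the full name is stored unchanged, which is the point made above: the string is accepted, not rejected.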



Thread

Pickling over a socket Roger Alexander <rtalexander@mac.com> - 2011-04-19 11:53 -0700
  Re: Pickling over a socket Chris Rebert <clp2@rebertia.com> - 2011-04-19 12:21 -0700
  Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 05:29 +1000
  Re: Pickling over a socket Dan Stromberg <drsalists@gmail.com> - 2011-04-19 12:30 -0700
  Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 05:37 +1000
    Re: Pickling over a socket Roger Alexander <rtalexander@mac.com> - 2011-04-19 15:27 -0700
      Re: Pickling over a socket Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-04-19 19:28 -0700
        Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 08:44 +0200
        Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 16:59 +1000
        Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 09:34 +0200
          Re: Pickling over a socket Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-04-20 10:25 +0200
            [OT] Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 10:59 +0200
        Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 19:26 +1000
        Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 11:41 +0200
