| From | Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> |
|---|---|
| Newsgroups | comp.lang.python |
| Subject | Re: Pickling over a socket |
| Date | Wed, 20 Apr 2011 10:25:14 +0200 |
| Message-ID | <iom59c$d2q$1@r03.glglgl.eu> |
On 20.04.2011 09:34, Bastian Ballmann wrote:

> No system is totally secure. You can _always_ poke around if a program
> uses user input.

It depends on what the program does with the input. If it treats it appropriately, nothing can happen.

> For example one can totally own a complete computer by
> nothing more than a single sql injection attack even if the programmer
> implemented some filters.

What do you want with filters here? Not filtering is appropriate against SQL injection, but escaping. If Little Bobby Tables is really called "Robert'); DROP TABLE STUDENTS; --", it is wrong to reject this string - instead, all dangerous characters inside it must be quoted (in this case: ') and then it does not harm at all.

> Now would you say one shouldn't use sql
> databases cause of that? ;)

No, just beware of what can happen and use the dbs and its functions appropriately.

Thomas
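The point made in the post above, as an added example that is not part of the original message: the same name is inserted by plain concatenation, with the quote character escaped, and through the database's own parameter binding. It assumes Python's standard `sqlite3` module with an in-memory database; the function names are hypothetical.

```python
import sqlite3

BOBBY = "Robert'); DROP TABLE STUDENTS; --"  # the name quoted in the post

def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    return conn

def table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='students'"
    ).fetchone()
    return row is not None

def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM students")]

def insert_concatenated(conn, name):
    # Vulnerable: the name becomes part of the statement text unchanged.
    # executescript() runs multi-statement text, as many client APIs do.
    conn.executescript("INSERT INTO students (name) VALUES ('%s');" % name)

def insert_escaped(conn, name):
    # Escaping: double the quote so it stays inside the string literal.
    # The right escape is dialect-specific; '' is the SQLite/standard form.
    quoted = name.replace("'", "''")
    conn.executescript("INSERT INTO students (name) VALUES ('%s');" % quoted)

def insert_bound(conn, name):
    # The database's own function: the value never enters the SQL text.
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))
    conn.commit()

def demo():
    results = {}
    for label, insert in (("concatenated", insert_concatenated),
                          ("escaped", insert_escaped),
                          ("bound", insert_bound)):
        conn = fresh_db()
        insert(conn, BOBBY)
        alive = table_exists(conn)
        results[label] = (alive, stored_names(conn) if alive else None)
        conn.close()
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

In both the escaped and the bound case the name is stored exactly as given, without rejecting it; binding avoids having to know the dialect's escaping rules.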