Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #22415
| From | Adrian Hunt <cyborgv2@hotmail.com> |
|---|---|
| Subject | RE: string interpolation for python |
| Date | 2012-03-31 10:17 +0100 |
| References | <1333174946.18436.YahooMailNeo@web121506.mail.ne1.yahoo.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1176.1333185438.3037.python-list@python.org> (permalink) |
Hi Yingjie,
Consider this snippet of "safe" code:
| enc = bobsencryption.Encoder('Some secret key')
|
| username = raw_input('Enter your username:')
| password = raw_input('Enter your password:')
|
| print
| print username + ', please wait while we dial-up and log you in...'
|
| connection = server.dialup(00441635074745)
| connection.send('login ' + enc([username, password]))
Code like this could already be out there and safe-ish (well, if
they've included a little validation and error-checking.) Now consider
that your $formatting$ is added and the "company" upgrades Python,
resulting in the following:
| Enter your username: $enc.key$
| Enter your password: dontneedone
|
| Some secret key, please wait while we dial-up and log you in...
It could break old code... okay you may say you should’nt allow
certain characters but if they're printable and used in a controlled
environment those characters can dramatically increase the security
of a username and password.
Adrian
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
RE: string interpolation for python Adrian Hunt <cyborgv2@hotmail.com> - 2012-03-31 10:17 +0100
csiph-web