RE: string interpolation for python

Path	csiph.com!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path	<cyborgv2@hotmail.com>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.014
X-Spam-Evidence	'H': 0.97; 'S': 0.00; 'python,': 0.02; 'resulting': 0.03; 'snippet': 0.09; 'subject:string': 0.09; "they've": 0.09; 'cc:addr:python-list': 0.10; 'subject:python': 0.11; '(well,': 0.16; 'enc': 0.16; 'in...': 0.16; 'okay': 0.16; 'print': 0.21; 'controlled': 0.21; 'header:In-Reply-To:1': 0.22; 'environment': 0.25; 'cc:2**0': 0.26; 'cc:addr:python.org': 0.28; 'password.': 0.28; 'subject:skip:i 10': 0.28; 'code:': 0.28; 'included': 0.29; 'skip:b 20': 0.30; 'connection': 0.31; 'code': 0.32; 'could': 0.32; 'certain': 0.34; 'break': 0.34; 'characters': 0.35; 'there': 0.36; 'but': 0.37; 'say': 0.37; 'subject:: ': 0.37; 'consider': 0.37; 'skip:s 20': 0.37; 'old': 0.38; 'some': 0.39; 'allow': 0.40; 'log': 0.40; 'charset:windows-1252': 0.63; 'password:': 0.65; 'increase': 0.70; 'secret': 0.71; 'to:addr:yahoo.com': 0.82; 'dial-up': 0.84; 'received:65.55.116.83': 0.91; 'received:blu0-omc3-s8.blu0.hotmail.com': 0.91
X-Originating-IP	[87.114.44.92]
From	Adrian Hunt <cyborgv2@hotmail.com>
To	<lanyjie@yahoo.com>
Subject	RE: string interpolation for python
Date	Sat, 31 Mar 2012 10:17:16 +0100
Importance	Normal
In-Reply-To	<1333174946.18436.YahooMailNeo@web121506.mail.ne1.yahoo.com>
References	<1333174946.18436.YahooMailNeo@web121506.mail.ne1.yahoo.com>
Content-Type	text/plain; charset="Windows-1252"
Content-Transfer-Encoding	quoted-printable
MIME-Version	1.0
X-OriginalArrivalTime	31 Mar 2012 09:17:16.0114 (UTC) FILETIME=[10A31B20:01CD0F1F]
Cc	python-list <python-list@python.org>
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.12
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.1176.1333185438.3037.python-list@python.org> (permalink)
Lines	35
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1333185438 news.xs4all.nl 6957 [2001:888:2000:d::a6]:52112
X-Complaints-To	abuse@xs4all.nl
Xref	csiph.com comp.lang.python:22415

Show key headers only | View raw

Hi Yingjie,

Consider this snippet of "safe" code:

| enc = bobsencryption.Encoder('Some secret key')
|
| username = raw_input('Enter your username:')
| password = raw_input('Enter your password:')
|
| print
| print username + ', please wait while we dial-up and log you in...'
|
| connection = server.dialup(00441635074745)
| connection.send('login ' + enc([username, password]))

Code like this could already be out there and safe-ish (well, if
they've included a little validation and error-checking.) Now consider
that your $formatting$ is added and the "company" upgrades Python,
resulting in the following:

| Enter your username: $enc.key$
| Enter your password: dontneedone
|
| Some secret key, please wait while we dial-up and log you in...

It could break old code... okay you may say you should’nt allow 
certain characters but if they're printable and used in a controlled
environment those characters can dramatically increase the security
of a username and password.



Adrian

Back to comp.lang.python | Previous | Next | Find similar | Unroll thread

Thread

RE: string interpolation for python Adrian Hunt <cyborgv2@hotmail.com> - 2012-03-31 10:17 +0100

csiph-web