From: Adrian Hunt
Subject: RE: string interpolation for python
Date: Sat, 31 Mar 2012 10:17:16 +0100
Cc: python-list
Newsgroups: comp.lang.python

Hi Yingjie,

Consider this snippet of "safe" code:

| enc = bobsencryption.Encoder('Some secret key')
|
| username = raw_input('Enter your username:')
| password = raw_input('Enter your password:')
|
| print
| print username + ', please wait while we dial-up and log you in...'
|
| connection = server.dialup(00441635074745)
| connection.send('login ' + enc([username, password]))

Code like this could already be out there and safe-ish (well, if they've included a little validation and error-checking.) Now consider that your $formatting$ is added and the "company" upgrades Python, resulting in the following:

| Enter your username: $enc.key$
| Enter your password: dontneedone
|
| Some secret key, please wait while we dial-up and log you in...

It could break old code... okay you may say you shouldn't allow certain characters but if they're printable and used in a controlled environment those characters can dramatically increase the security of a username and password.

Adrian
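
Added example, not part of the message above or of any code from the thread: the $...$ syntax under discussion is a proposal, so this Python 3 sketch uses the existing str.format to show the same kind of leak, which occurs when user input is used as the template rather than passed in as a value. The Encoder class is a hypothetical stand-in for the post's bobsencryption.Encoder, and the function names are assumptions made for the example.

```python
import string


class Encoder:
    """Hypothetical stand-in for the post's bobsencryption.Encoder."""

    def __init__(self, key):
        self.key = key


def greet_unsafe(user_text, enc):
    # Vulnerable: the user's text becomes part of the template, so a
    # replacement field such as {enc.key} is resolved against the live object.
    template = user_text + ", please wait while we dial-up and log you in..."
    return template.format(enc=enc)


def greet_safe(user_text):
    # Safe: the template is a constant and the user's text is only a value,
    # so braces and field names in it are printed literally.
    return "{}, please wait while we dial-up and log you in...".format(user_text)


def has_format_fields(user_text):
    # Review/validation helper: would this text be interpreted (or rejected)
    # if it ever reached str.format as a template?
    try:
        parsed = list(string.Formatter().parse(user_text))
    except ValueError:
        return True  # unbalanced braces are template syntax too
    return any(field is not None for _, field, _, _ in parsed)


if __name__ == "__main__":
    enc = Encoder("Some secret key")  # constructed sample value from the post
    print(greet_unsafe("{enc.key}", enc))
    print(greet_safe("{enc.key}"))
    print(has_format_fields("{enc.key}"), has_format_fields("alice"))
```

The safe form places no restriction on which printable characters a username may contain, since the input is never parsed as a template.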