
Re: code review

Sender Kushal Kumaran <kushal.kumaran@gmail.com>
Subject Re: code review
From kushal.kumaran+python@gmail.com
Date Wed, 04 Jul 2012 08:27:32 +0530
To Ian Kelly <ian.g.kelly@gmail.com>
Cc Python User <python-list@python.org>
Newsgroups comp.lang.python
Message-ID <mailman.1770.1341370664.4697.python-list@python.org>



Ian Kelly <ian.g.kelly@gmail.com> wrote:

>On Tue, Jul 3, 2012 at 11:53 AM, Kushal Kumaran
><kushal.kumaran+python@gmail.com> wrote:
>> On Sat, Jun 30, 2012 at 3:34 PM, Alister <alister.ware@ntlworld.com> wrote:
>>> On Fri, 29 Jun 2012 09:03:22 -0600, Littlefield, Tyler wrote:
>>>
>>>> On 6/29/2012 1:31 AM, Steven D'Aprano wrote:
>>>>> On Thu, 28 Jun 2012 20:58:15 -0700, alex23 wrote:
>>>>>
>>>>>> On Jun 29, 12:57 pm, "Littlefield, Tyler" <ty...@tysdomain.com> wrote:
>>>>>>> I was curious if someone wouldn't mind poking at some code. The
>>>>>>> project page is at: http://code.google.com/p/pymud Any information is
>>>>>>> greatly appreciated.
>>>>>> I couldn't find any actual code at that site, the git repository is
>>>>>> currently empty.
>>>>
>>>> OOPS, sorry. Apparently I'm not as good with git as I thought.
>>>> Everything's in the repo now.
>>>
>>> I think I may be on firmer grounds with the next few:
>>>
>>> isValidPassword can be simplified to
>>>
>>> def isValidPassword(password):
>>>         count = len(password)
>>>         return count >= mud.minpass and count <= mud.maxpass
>>>
>>
>> I haven't actually seen the rest of the code, but I would like to
>> point out that applications placing maximum length limits on passwords
>> are extremely annoying.
>
>They're annoying when the maximum length is unreasonably small, but
>you have to have a maximum length to close off one DoS attack vector.
>Without a limit, if a "user" presents a 1 GB password, then guess
>what?  Your system has to hash that GB of data before it can reject
>it.  And if you're serious about security then it will be a
>cryptographic hash, and that means slow.
>

Well, if you waited until you had the password (however long) in a variable before you applied your maximum limits, the DoS ship has probably sailed already. 

>To prevent that, the system needs to reject outright password attempts
>that are longer than some predetermined reasonable length, and if the
>system won't authenticate those passwords, then it can't allow the
>user to set them either.
>
>Cheers,
>Ian


-- 
regards,
kushal
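
The exchange above turns on where the length cap is enforced. As an added example that is not part of the original thread or of the pymud code: a reader that applies the cap while pulling bytes off the connection, so an oversized password is rejected after at most `MAX_PASS + 2` bytes are buffered and never reaches the hash. `MIN_PASS` and `MAX_PASS` are assumed values standing in for `mud.minpass` and `mud.maxpass`, and the streams are constructed in-memory inputs.

```python
import hashlib
import io
import os

MIN_PASS = 8     # assumed value, stands in for mud.minpass
MAX_PASS = 128   # assumed value (bytes), stands in for mud.maxpass


class PasswordTooLong(Exception):
    """Raised as soon as the input is known to exceed the cap."""


def read_password_line(stream, limit=MAX_PASS, chunk=64):
    """Read one newline-terminated password, buffering at most
    limit + 2 bytes (the password plus an optional CRLF)."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        want = min(chunk, limit + 2 - len(buf))
        if want <= 0:
            # Cap reached with no line terminator: stop reading here
            # instead of collecting the rest of the input.
            raise PasswordTooLong("no newline within %d bytes" % (limit + 2))
        data = stream.readline(want)   # returns at most `want` bytes
        if not data:                   # EOF before a newline arrived
            break
        buf += data
    line = bytes(buf).rstrip(b"\r\n")
    if len(line) > limit:
        raise PasswordTooLong("password longer than %d bytes" % limit)
    return line


def is_valid_password(password):
    """The simplified length check from the thread, on bytes."""
    return MIN_PASS <= len(password) <= MAX_PASS


def hash_password(password, salt):
    """Slow hash, run only on input that already passed the length check."""
    if not is_valid_password(password):
        raise ValueError("password length outside allowed range")
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def handle_attempt(stream, salt):
    """Return ('hashed', digest) or ('rejected', bytes_consumed)."""
    try:
        return ("hashed", hash_password(read_password_line(stream), salt))
    except (PasswordTooLong, ValueError):
        # tell() works because the sample stream is a seekable BytesIO.
        return ("rejected", stream.tell())


if __name__ == "__main__":
    salt = os.urandom(16)
    flood = io.BytesIO(b"A" * 1_000_000 + b"\n")    # constructed oversized input
    print(handle_attempt(flood, salt))              # rejected after 130 bytes
    ok = io.BytesIO(b"correct horse battery\r\n")   # constructed normal input
    print(handle_attempt(ok, salt)[0])
```

On a real socket the server would close the connection after a rejection rather than drain the remaining bytes.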
