Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #97332
| Path | csiph.com!news.swapon.de!newsfeed.fsmpi.rwth-aachen.de!newsfeed.straub-nv.de!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!nzpost1.xs4all.net!not-for-mail |
|---|---|
| Return-Path | <python-python-list@m.gmane.org> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.001 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'subject:Python': 0.05; 'api': 0.09; 'already.': 0.09; 'percentage': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'snippet': 0.09; 'vast': 0.09; 'thread': 0.10; 'python': 0.10; "hasn't": 0.15; '[1].': 0.16; 'anyone?': 0.16; 'code?': 0.16; 'elsewhere,': 0.16; 'from:addr:behnel.de': 0.16; 'from:addr:stefan_ml': 0.16; 'from:name:stefan behnel': 0.16; 'jmp': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'validation.': 0.16; 'stefan': 0.18; 'input': 0.18; 'assuming': 0.22; 'context.': 0.22; 'subject: .': 0.22; 'visible': 0.22; 'leave': 0.23; 'bit': 0.23; 'somewhere': 0.24; 'header:In-Reply- To:1': 0.24; 'header:User-Agent:1': 0.26; 'command': 0.26; 'header:X-Complaints-To:1': 0.26; 'rest': 0.26; 'equivalent': 0.27; 'least': 0.27; 'thorough': 0.27; 'idea': 0.28; 'interface': 0.29; 'concern': 0.29; 'comments': 0.30; 'code': 0.30; 'programmers': 0.30; 'certain': 0.31; '[1]': 0.32; 'possibly': 0.32; 'run': 0.33; 'safely': 0.33; 'so,': 0.35; 'acceptable': 0.35; 'comment': 0.35; 'problem.': 0.35; 'but': 0.36; 'should': 0.36; 'there': 0.36; 'cases': 0.36; 'to:addr:python-list': 0.36; 'subject:: ': 0.37; 'really': 0.37; 'received:org': 0.37; "won't": 0.38; 'wrong': 0.38; 'building': 0.38; 'someone': 0.38; 'subject:from': 0.39; 'to:addr:python.org': 0.40; 'received:de': 0.40; 'some': 0.40; 'future': 0.60; 'care': 0.60; 'internet,': 0.61; 'different': 0.63; 'complete': 0.63; 'trusted': 0.64; 'safety': 0.66; 'production': 0.67; 'conditions,': 0.84; 'fun)': 0.84; 'not)': 0.84; 'probable': 0.84; 'audit': 0.93 |
| X-Injected-Via-Gmane | http://gmane.org/ |
| To | python-list@python.org |
| From | Stefan Behnel <stefan_ml@behnel.de> |
| Subject | Re: Create a .lua fle from Python |
| Date | Fri, 2 Oct 2015 13:49:05 +0200 |
| References | <CAMxmM6bhyHUpQXxnwO-OiesppP6mRM74=dA37VJwV212MZGyUw@mail.gmail.com> <mueeef$d31$1@ger.gmane.org> <muehno$19e$1@ger.gmane.org> <mailman.265.1443604877.28679.python-list@python.org> <560d85ba$0$1591$c3e8da3$5496439d@news.astraweb.com> <mulh8f$ck0$1@ger.gmane.org> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 7bit |
| X-Gmane-NNTP-Posting-Host | ipservice-092-211-041-087.092.211.pools.vodafone-ip.de |
| X-Enigmail-Draft-Status | N1110 |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 |
| In-Reply-To | <mulh8f$ck0$1@ger.gmane.org> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.20+ |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.336.1443786569.28679.python-list@python.org> (permalink) |
| Lines | 33 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1443786569 news.xs4all.nl 23738 [2001:888:2000:d::a6]:46553 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:97332 |
Show key headers only | View raw
jmp schrieb am 02.10.2015 um 11:03: > Safety is like speed optimization, you care about it only when it can be a > problem. And the vast majority (there's a recent trolling thread about the > equivalent percentage of vast majority if you want to have fun) of python > code may run on trusted networks. Meaning it's probable you are wrong when > assuming security of a python snippet is a concern. Writing code "for internal use only" is ok, but there is never a guarantee that some of that code won't be reused elsewhere, in an entirely different context. Or that someone comes up with the idea of adding a REST API frontend, now that there is a command line interface [1]. If that happens, I assure you that at least in some cases (be it the "vast majority" or not) there will be no thorough security audit up-front. Because, you know - it's code that works and is production proven already. Possibly for years and years, and through generations of employees, all experienced and trusted. What can possibly be wrong with such code? So, it's acceptable to write such code under certain conditions, but at least someone should leave a visible comment somewhere (as Peter rightfully did in this case) that the input is not safely validated, so that future generations of programmers can see immediately that a) security hasn't been a concern when writing it and b) the author was in fact not a complete moron, not knowing a bit about the basics of input validation. It really helps in trust building to find such comments from time to time. Stefan [1] mainframes on the Internet, anyone?
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
Re: Create a .lua fle from Python jmp <jeanmichel@sequans.com> - 2015-09-30 11:21 +0200
Re: Create a .lua fle from Python Steven D'Aprano <steve@pearwood.info> - 2015-10-02 05:12 +1000
Re: Create a .lua fle from Python jmp <jeanmichel@sequans.com> - 2015-10-02 11:03 +0200
Re: Create a .lua fle from Python Stefan Behnel <stefan_ml@behnel.de> - 2015-10-02 13:49 +0200
csiph-web