Date: Wed, 20 Apr 2011 10:59:33 +0200
From: Bastian Ballmann
To: python-list@python.org
Newsgroups: comp.lang.python
Subject: [OT] Re: Pickling over a socket
References: <61890800-f81a-4a1e-8905-a0237407f016@a21g2000prj.googlegroups.com> <7744bf8c-0df6-4dc9-a977-7234d571643f@r4g2000prm.googlegroups.com> <7a56699d-7387-49a0-8c4f-f794df43df00@22g2000prx.googlegroups.com> <20110420084431.0480aa41@chaostal.de>

On Wed, 20 Apr 2011 10:25:14 +0200, Thomas Rachel wrote:

> It depends on what the program does with the input. If it treats it
> appropriately, nothing can happen.

Yes, but the question seems to be what is appropriate.

> What do you want with filters here? Not filtering is appropriate
> against SQL injection, but escaping.

Escaping in strings, filtering with numbers etc.

> If Little Bobby Tables is really called "Robert'); DROP TABLE
> STUDENTS; --", it is wrong to reject this string - instead, all
> dangerous characters inside it must be quoted (in this case: ') and
> then it does not harm at all.

Well, you forgot to escape ; and \, but this seems to slide into OT ;)

Greets
Basti
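A worked illustration of the point the two posters are circling, added here as an example and not part of the thread or either poster's code: the Bobby Tables name from Thomas Rachel's message is inserted once by splicing it into the SQL text and once as a bound parameter, against an in-memory sqlite3 database whose STUDENTS table is an assumption constructed for this example. The parameterised form stores the string verbatim without rejecting it, which is the "quote, don't reject" position; the numeric helper shows the "filtering with numbers" half of Basti's reply, where validation rather than escaping is the right tool.

```python
"""Added example: escaping vs. filtering for SQL input, using the name
from the thread. Standard library only; the STUDENTS table is constructed
here for the demonstration and is not from the original discussion."""
import re
import sqlite3

# Sample input, taken verbatim from Thomas Rachel's message.
BOBBY = "Robert'); DROP TABLE STUDENTS; --"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with an assumed STUDENTS table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE STUDENTS (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def table_exists(conn: sqlite3.Connection, table: str) -> bool:
    """True if `table` is still present in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def insert_by_concatenation(conn: sqlite3.Connection, name: str) -> None:
    """The vulnerable form: the name becomes part of the SQL text.

    executescript() runs every statement in the resulting text, which is
    exactly why the quote inside the name matters."""
    conn.executescript("INSERT INTO STUDENTS (name) VALUES ('" + name + "');")


def insert_by_parameter(conn: sqlite3.Connection, name: str) -> None:
    """The fix for string input: bind the value as a parameter.

    The driver quotes (or passes out-of-band) whatever is in `name`, so the
    string is stored as-is and is never interpreted as SQL; nothing is rejected."""
    conn.execute("INSERT INTO STUDENTS (name) VALUES (?)", (name,))


def stored_names(conn: sqlite3.Connection) -> list:
    """All names currently in STUDENTS, in insertion order."""
    return [row[0] for row in conn.execute("SELECT name FROM STUDENTS ORDER BY id")]


def student_id_from_input(raw: str) -> int:
    """For numeric input, filtering (validation) is the right tool: accept only
    decimal digits and reject anything else before it gets near a query."""
    if re.fullmatch(r"[0-9]+", raw.strip()) is None:
        raise ValueError("student id must be a non-negative integer")
    return int(raw.strip())


def demo() -> dict:
    """Run both insert paths against separate databases and report the outcome."""
    unsafe = fresh_db()
    insert_by_concatenation(unsafe, BOBBY)

    safe = fresh_db()
    insert_by_parameter(safe, BOBBY)

    return {
        "table_after_concat": table_exists(unsafe, "STUDENTS"),  # False: table is gone
        "table_after_param": table_exists(safe, "STUDENTS"),     # True
        "names_after_param": stored_names(safe),                 # [BOBBY], verbatim
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The two insert functions differ only in where the name travels: inside the SQL text, or beside it as a parameter. With the parameter the question of which characters to escape (', ;, \ or anything else) disappears, because the driver never lets the value be parsed as SQL at all, which is why parameter binding rather than hand-written escaping is the usual recommendation.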