Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #3672
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!news2.euro.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <balle@chaostal.de> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.023 |
| X-Spam-Evidence | '*H*': 0.95; '*S*': 0.00; 'sorts': 0.04; 'wed,': 0.04; 'sure.': 0.05; 'function,': 0.07; 'content- type:multipart/signed': 0.09; 'library': 0.15; 'content- type:application/pgp-signature': 0.16; 'filename:fname piece:asc': 0.16; 'filename:fname piece:signature': 0.16; 'filename:fname:signature.asc': 0.16; 'foo,': 0.16; 'input.': 0.16; 'type...': 0.16; 'header:In-Reply-To:1': 0.22; 'chris': 0.27; 'control.': 0.31; 'strings.': 0.31; 'to:addr:python-list': 0.32; 'someone': 0.33; 'using': 0.34; 'think': 0.36; 'charset:us- ascii': 0.36; 'data': 0.37; 'issue': 0.37; 'apr': 0.38; 'user': 0.38; 'but': 0.38; 'no.': 0.38; 'anything': 0.38; 'set': 0.39; 'to:addr:python.org': 0.39; 'comes': 0.39; 'where': 0.39; 'received:de': 0.39; 'header:Mime-Version:1': 0.39; "it's": 0.40; 'header:Received:5': 0.40; 'received:95': 0.60; 'happen': 0.61; '2011': 0.62; 'database.': 0.69; '"user': 0.84; 'injection': 0.84; 'schrieb': 0.84; 'subject:over': 0.84 |
| Date | Wed, 20 Apr 2011 11:41:21 +0200 |
| From | Bastian Ballmann <balle@chaostal.de> |
| To | python-list@python.org |
| Subject | Re: Pickling over a socket |
| In-Reply-To | <BANLkTinCh8+rQMQaCKaDd4RZx3j26Y8v7g@mail.gmail.com> |
| References | <61890800-f81a-4a1e-8905-a0237407f016@a21g2000prj.googlegroups.com> <BANLkTi=1d4k6QfscN_F_fPddznfQUuY6wA@mail.gmail.com> <mailman.582.1303241870.9059.python-list@python.org> <7744bf8c-0df6-4dc9-a977-7234d571643f@r4g2000prm.googlegroups.com> <7a56699d-7387-49a0-8c4f-f794df43df00@22g2000prx.googlegroups.com> <20110420084431.0480aa41@chaostal.de> <BANLkTiksqp-RMyJj8UcbquiYxHZJqeSj-w@mail.gmail.com> <20110420093419.4b83fe4b@chaostal.de> <BANLkTim59M9ti6Dq+4=UCZxg_ZiXGX=LUA@mail.gmail.com> <20110420111723.2daf2437@chaostal.de> <BANLkTinCh8+rQMQaCKaDd4RZx3j26Y8v7g@mail.gmail.com> |
| X-Mailer | Claws Mail 3.7.8 (GTK+ 2.22.1; i686-pc-linux-gnu) |
| Mime-Version | 1.0 |
| Content-Type | multipart/signed; micalg=PGP-SHA1; boundary="Sig_/y8FsjlnDuqs0xGXJaqEFfVc"; protocol="application/pgp-signature" |
| X-Virus-Scanned | Debian amavisd-new at lucy.chaostal.de |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.632.1303292503.9059.python-list@python.org> (permalink) |
| Lines | 43 |
| NNTP-Posting-Host | 82.94.164.166 |
| X-Trace | 1303292503 news.xs4all.nl 81485 [::ffff:82.94.164.166]:52343 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:3672 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Am Wed, 20 Apr 2011 19:26:44 +1000 schrieb Chris Angelico <rosuav@gmail.com>: > Yes, but the other half of the issue is that you have to treat > anything that comes over the network as "user input", even if you > think it's from your own program that you control. Sure. > Buffer overruns can happen in all sorts of places; SQL injection can > only happen where you talk to the database. And it IS just a matter of > using a magic auto-escape function, if your library is set up right - No. Not all data is strings. > Not at all; just never *trust* user input. Where thou typest foo, > someone someday will type... I never *trust* the user *blindly* as you do with your magic-escape-function so where do we disagree? Greets Basti
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar
Pickling over a socket Roger Alexander <rtalexander@mac.com> - 2011-04-19 11:53 -0700
Re: Pickling over a socket Chris Rebert <clp2@rebertia.com> - 2011-04-19 12:21 -0700
Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 05:29 +1000
Re: Pickling over a socket Dan Stromberg <drsalists@gmail.com> - 2011-04-19 12:30 -0700
Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 05:37 +1000
Re: Pickling over a socket Roger Alexander <rtalexander@mac.com> - 2011-04-19 15:27 -0700
Re: Pickling over a socket Jean-Paul Calderone <calderone.jeanpaul@gmail.com> - 2011-04-19 19:28 -0700
Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 08:44 +0200
Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 16:59 +1000
Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 09:34 +0200
Re: Pickling over a socket Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2011-04-20 10:25 +0200
[OT] Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 10:59 +0200
Re: Pickling over a socket Chris Angelico <rosuav@gmail.com> - 2011-04-20 19:26 +1000
Re: Pickling over a socket Bastian Ballmann <balle@chaostal.de> - 2011-04-20 11:41 +0200
csiph-web