
RE: string interpolation for python

Started by: Adrian Hunt <cyborgv2@hotmail.com>
First post: 2012-03-31 10:17 +0100
Last post: 2012-03-31 10:17 +0100
Articles 1 — 1 participant


This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.



#22415 — RE: string interpolation for python

From: Adrian Hunt <cyborgv2@hotmail.com>
Date: 2012-03-31 10:17 +0100
Subject: RE: string interpolation for python
Message-ID: <mailman.1176.1333185438.3037.python-list@python.org>

Hi Yingjie,

Consider this snippet of "safe" code:

| enc = bobsencryption.Encoder('Some secret key')
|
| username = raw_input('Enter your username:')
| password = raw_input('Enter your password:')
|
| print
| print username + ', please wait while we dial-up and log you in...'
|
| connection = server.dialup('00441635074745')
| connection.send('login ' + enc([username, password]))

Code like this could already be out there and safe-ish (well, if
they've included a little validation and error-checking.) Now consider
that your $formatting$ is added and the "company" upgrades Python,
resulting in the following:

| Enter your username: $enc.key$
| Enter your password: dontneedone
|
| Some secret key, please wait while we dial-up and log you in...

It could break old code... okay you may say you shouldn't allow
certain characters but if they're printable and used in a controlled
environment those characters can dramatically increase the security
of a username and password.



Adrian
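
The scenario in the post above, as an added Python 3 example that is not part of the original message: `interpolate_runtime` is a hypothetical implementation of the proposed `$...$` syntax, assumed (as the post does) to expand fields in finished strings, and `Encoder` is a stand-in for the post's `bobsencryption.Encoder`. It shows the leak next to a form where only the fixed literal is a template, so `$` remains usable in user input.

```python
import re
from string import Template

GREETING = ", please wait while we dial-up and log you in..."
_FIELD = re.compile(r"\$([A-Za-z_][\w.]*)\$")


class Encoder:
    """Stand-in for the post's hypothetical bobsencryption.Encoder."""
    def __init__(self, key):
        self.key = key


def interpolate_runtime(text, scope):
    """Assumed semantics: expand $name.attr$ in any finished string."""
    def expand(match):
        head, *attrs = match.group(1).split(".")
        try:
            value = scope[head]
            for attr in attrs:
                value = getattr(value, attr)
        except (KeyError, AttributeError):
            return match.group(0)  # unknown name: leave the field untouched
        return str(value)
    return _FIELD.sub(expand, text)


def greet_unsafe(username, scope):
    # User input is concatenated first, then interpolated with program scope.
    return interpolate_runtime(username + GREETING, scope)


def greet_safe(username):
    # Only the fixed literal is a template; user input is substituted as data
    # and never re-scanned, so "$" stays usable in usernames and passwords.
    return Template("$user" + GREETING).substitute(user=username)


if __name__ == "__main__":
    scope = {"enc": Encoder("Some secret key")}  # constructed sample key
    print(greet_unsafe("$enc.key$", scope))
    print(greet_safe("$enc.key$"))
```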
 		 	   		  
