[issue46200] Discourage logging f-strings due to security considerations
Eric V. Smith
report at bugs.python.org
Sun Jan 2 10:21:49 EST 2022
Eric V. Smith <eric at trueblade.com> added the comment:
I think there's definitely room for improvement here, and at face value I like the debugf() functions. __format__ style formatting solves a big problem for me: being able to provide format strings for timestamps.
One thing: I'd be careful about saying that delayed formatting is always a performance win. f-strings are so much faster that if I'm reasonably sure a message is always going to get logged, I'll use an f-string. In my case, I never log any user-supplied data, although it's obviously a risk that should be warned against.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46200>
_______________________________________
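The sketch below is an added example, not part of the original message or of CPython. It contrasts the two call styles the thread discusses: an f-string message that also receives %-style arguments, and deferred formatting. It also counts how often an object is formatted when the log level is disabled. The logger names, helper names and the documentation-range IP address are constructed for illustration.

```python
import logging

class ListHandler(logging.Handler):
    """Keeps each formatted message, or the formatting error type, in memory."""
    def __init__(self):
        super().__init__()
        self.messages, self.errors = [], []

    def emit(self, record):
        try:
            self.messages.append(record.getMessage())  # msg % args happens here
        except Exception as exc:
            self.errors.append(type(exc).__name__)

def make_logger(name, level):
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(level)
    handler = ListHandler()
    logger.addHandler(handler)
    return logger, handler

def fstring_with_args(user_value):
    """User data is baked into the format string, then %-args are applied to it."""
    logger, handler = make_logger("demo.fstring", logging.INFO)
    logger.info(f"login failed for {user_value} from %s", "203.0.113.7")
    return handler.messages, handler.errors

def deferred(user_value):
    """User data travels as an argument, so it is never parsed as a format string."""
    logger, handler = make_logger("demo.deferred", logging.INFO)
    logger.info("login failed for %s from %s", user_value, "203.0.113.7")
    return handler.messages, handler.errors

class Expensive:
    calls = 0
    def __str__(self):
        Expensive.calls += 1
        return "expensive"

def formatting_cost_when_disabled():
    """Counts __str__ calls for a DEBUG message on a WARNING-level logger."""
    logger, _ = make_logger("demo.cost", logging.WARNING)
    Expensive.calls, obj = 0, Expensive()
    logger.debug("state=%s", obj)      # level check fails first: never formatted
    lazy = Expensive.calls
    logger.debug(f"state={obj}")       # f-string is built before debug() runs
    return lazy, Expensive.calls - lazy
```

With the constructed input `"bob %s"`, `fstring_with_args` records a `TypeError` and no message because the value is parsed as part of the format string, while `deferred` logs the value verbatim.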