[Python-Dev] PEP 215 redux: toward a simplified consensus?
Martin v. Loewis
martin@v.loewis.de
25 Feb 2002 23:25:48 +0100

barry@zope.com (Barry A. Warsaw) writes:
> JE> i.e., the translator (or other person who can influence the
> JE> format string) can access other information in the dict you
> JE> pass in, even if you didn't intend it.
>
> That's a very interesting vulnerability you bring up!

That's not a vulnerability. It assumes that the translator is an
attacker, or that the attacker can change the catalogs. If he is or
can, you could not trust them, anyway, as they could cause arbitrary
other failures, as well.

Regards,
Martin
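
The behaviour discussed in this message, as an added example that is not part of the original post: a %-style template formatted against a dict can read any key in that dict, so a caller can limit what a catalog entry sees to the keys the original string names. The use of %-style mapping keys, and all function names and sample strings, are assumptions constructed for illustration.

```python
import re

# "%%" is a literal percent sign; "%(name)" starts a conversion that reads a mapping key.
_SPEC = re.compile(r"%(?:%|\((?P<key>[^)]*)\))")

def referenced_keys(template):
    """Set of mapping keys a %-style template would read when formatted."""
    return {m.group("key") for m in _SPEC.finditer(template)
            if m.group("key") is not None}

def undeclared_keys(msgid, msgstr):
    """Keys the translated string reads that the original string does not."""
    return referenced_keys(msgstr) - referenced_keys(msgid)

def render(msgid, msgstr, namespace):
    """Format msgstr, exposing only the keys the original msgid names."""
    extra = undeclared_keys(msgid, msgstr)
    if extra:
        raise KeyError("translation reads undeclared keys: %s" % sorted(extra))
    exposed = {k: namespace[k] for k in referenced_keys(msgid)}
    return msgstr % exposed

# Constructed sample data (hypothetical names, not from the thread).
NAMESPACE = {"user": "alice", "count": 3, "session_token": "constructed-secret"}
MSGID = "%(user)s has %(count)d new messages"
GOOD = "%(count)d nouveaux messages pour %(user)s"
TAMPERED = "%(user)s: %(session_token)s"

if __name__ == "__main__":
    print(MSGID % NAMESPACE)       # caller passes the whole dict
    print(TAMPERED % NAMESPACE)    # the same dict also satisfies this template
    print(render(MSGID, GOOD, NAMESPACE))
    try:
        render(MSGID, TAMPERED, NAMESPACE)
    except KeyError as exc:
        print("rejected:", exc)
```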