[Python-Dev] Hash collision security issue (now public)
Tres Seaver
tseaver at palladion.com
Thu Jan 5 20:49:53 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/05/2012 02:14 PM, Glenn Linderman wrote:
> 1) the security problem is not in CPython, but rather in web servers
> that use dict inappropriately.
Most webapp vulnerabilities are due to their use of Python's cgi module,
which it uses a dict to hold the form / query string data being supplied
by untrusted external users.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8F/uEACgkQ+gerLs4ltQ679QCgqKPYYwEetKR3bEMVh5eukLin
cA8An3XJMYWhK5MutjbOCxCfYzKXmDzc
=V3lh
-----END PGP SIGNATURE-----
More information about the Python-Dev
mailing list