[Python-ideas] pytaint: taint tracking in python
Nick Coghlan
ncoghlan at gmail.com
Mon Oct 14 15:15:06 CEST 2013
On 14 October 2013 22:25, Felix Gröbert <felix at groebert.org> wrote:
> We think it's a very useful feature for developing most of webapps and other
> security-sensitive application in Python, any thoughts on this?
It's definitely an interesting idea, and the idea of pursuing it
initially as a separate project to optionally harden Python 2
applications is a good one.
Longer term, before it can be considered for inclusion as a language feature:
1. It needs to work with Python 3 (which has a substantially different
text model), as Python 2 is no longer receiving new features.
2. The performance impact needs to be assessed when the feature is
disabled (the default) and when various sources and sinks are defined.
The performance numbers comparing http://hg.python.org/benchmarks/
between vanilla CPython 2.7.5 and pytaint may also be of interest to
potential users of the Python 2.7 version.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Python-ideas
mailing list