[Tutor] What are security holes?
Mishre
mishre at hushmail.com
Sun Jan 27 21:33:05 EST 2002
[snip]
> | One way around this is to use Gordon McMillan's Installer[1] to create
> | standalone programs, which do not require Python to be installed.
>
> As I understand it, the program still requires python. The only
> difference is the installer has python bundled with the program so the
> end-user doesn't (necessarily) realize that. It is just an installer,
> not a compiler.
>
> -D
Technically, yes. :)
When the interpreter is include in the result, it would prevent
unauthorized use of the interpreter. Unless the attacker knows that
you are using the bundled interpreter and can access it from their
program. However, this would require that they know to search for it,
how to use it from their new script and the libs that are available.
-M
More information about the Python-list
mailing list