web security question.

Jeff Epler jepler at unpythonic.net
Sat May 15 10:40:47 EDT 2004


There's no reason to believe that the implementation of Python,
written in C, is free from buffer overflow bugs, string format bugs, or
any other of the classes of bugs that affect C programs.

There's no reason to believe that the implementation of Python doesn't
behave according to documentation (in the case of some built-in type,
standard module, or language feature), leading to seemingly correct code
having security consequences.

There's no reason to believe that any particular program written in
Python doesn't have bugs that could negatively impact security.

That said, I'm generally positive about Python security.  The basic
implementation is pretty solid (important object types, like dicts, lists and
strings, are all dynamically-sized, and this code is tested every day by every
Python user), there is a large test suite, the documentation tends to
match the implementation closely, and programs written in the Python
language do not perform the kinds of low-level operations that lead to
buffer overflow bugs.

Jeff
