Secure Python code - volunteers for code review?

Josiah Carlson jcarlson at uci.edu
Tue Oct 12 23:52:31 EDT 2004


> I would really value it if any security-aware Python guru was able to
> review the code from a security perspective.  It would be good to
> ensure that Python or SQL code planted in an email or an attachment
> could not execute and break out of the script - or that any other
> security issue might arise.  But how - I don't have anything near the
> level of Python expertise required to properly assess this script for
> security risk?  If someone has the time to do a code review it would be
> much appreciated.

You can save yourself many concerns by encoding your data in some
fashion that cannot be understood by the database to mean anything.  Hex
works well for that.

In terms of general script security, you should be more specific about
what you are worried about.

 - Josiah
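
An added illustration of the hex-encoding suggestion in the reply above (not code from the original post or thread): untrusted email text is hex-encoded before it is stored in SQLite and decoded on the way out. The table name, function names, sample body and the use of placeholder binding are assumptions of this example.

```python
import re
import sqlite3

# Constructed sample: an email body carrying SQL metacharacters.
SAMPLE_BODY = "Hi'); DROP TABLE messages; --\nprint('hello')\n"

HEX_ONLY = re.compile(r"\A[0-9a-f]*\Z")


def encode_field(text):
    """Hex-encode untrusted text so only [0-9a-f] reaches the database."""
    return text.encode("utf-8").hex()


def decode_field(stored):
    """Reverse encode_field; refuse anything that is not pure lowercase hex."""
    if not HEX_ONLY.match(stored) or len(stored) % 2:
        raise ValueError("stored value is not valid hex")
    return bytes.fromhex(stored).decode("utf-8")


def store_and_fetch(body):
    """Store the hex form in an in-memory SQLite table and read it back."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body_hex TEXT)")
        encoded = encode_field(body)
        # Placeholder binding is an addition of this example, used with the hex encoding.
        conn.execute("INSERT INTO messages (body_hex) VALUES (?)", (encoded,))
        conn.commit()
        (stored,) = conn.execute("SELECT body_hex FROM messages").fetchone()
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        return stored, decode_field(stored), tables
    finally:
        conn.close()


if __name__ == "__main__":
    stored, decoded, tables = store_and_fetch(SAMPLE_BODY)
    print(stored[:32], "...")
    print(decoded == SAMPLE_BODY, tables)
```

The stored column contains no quote, semicolon or comment characters, so the value carries no SQL syntax of its own; the original text reappears only after `decode_field` runs in the application.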
