why use special config formats?
Steve Holden
steve at holdenweb.com
Sat Mar 11 10:44:18 EST 2006
gangesmaster wrote:
>>Huh? You think a competent sys admin can't learn enough Python to hack
>>your pickled file?
>>
>>Binary configs only keep out legitimate users who don't have the time or
>>ability to learn how to hack the binary format. Black hats and power users
>>will break your binary format and hack them anyway.
>
>
> then you dont know what pickle is. pickle code is NOT python bytecode.
> it's a bytecode they made in order to represent objects. you cannot
> "exploit" in in the essence of running arbitrary code, unless you find
> a bug in the pickle module. and that's less likely than you find a bug
> in the parser of the silly config file formats you use.
>
> i'm not hiding the configuration in "binary files", that's not the
> point. pickle is just more secure by definition.
>
> aah. you all are too stupid.
>
Great way to win an argument. Pity we aren't as intelligent as you ...
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd www.holdenweb.com
Love me, love my blog holdenweb.blogspot.com
More information about the Python-list
mailing list