PEP 3131: Supporting Non-ASCII Identifiers
Steven D'Aprano
steven at REMOVE.THIS.cybersource.com.au
Sun May 13 23:42:56 EDT 2007
On Sun, 13 May 2007 20:12:23 -0700, Paul Rubin wrote:
> Steven D'Aprano <steven at REMOVE.THIS.cybersource.com.au> writes:
>> If I'm mistaken, please explain why I'm mistaken, not just repeat your
>> claim in different words.
>
> if user_entered_password != stored_password_from_database:
> password_is_correct = False
> ...
> if password_is_correct:
> log_user_in()
>
> Does "password_is_correct" refer to the same variable in both places?
No way of telling without a detailed code inspection. Who knows what
happens in the ... ? If a black hat has access to the code, he could
insert anything he liked in there, ASCII or non-ASCII.
How is this a problem with non-ASCII identifiers? password_is_correct is
all ASCII. How can you justify saying that non-ASCII identifiers
introduce a security hole that already exists in all-ASCII Python?
--
Steven.
More information about the Python-list
mailing list