how to replace and string in a "SELECT ... IN ()"
Tino Wildenhain
tino at wildenhain.de
Sat Sep 27 10:14:31 EDT 2008
Hi,
Michael Mabin wrote:
> so you wouldn't object then to something like
>
> '.... in (%)' % ','.join([str_edit_for_exploit(x) for x in aList])
>
> if str_edit_for_exploit applied security edits?
What's a security edit, by the way? If it is something meant to turn possibly
insecure data into 'secure' data then, no, I would still object.
Why? Because it's a bad example of "default permit". It's always better
to have a whitelist - even more so when it's so easy to do.
It's just a habit you develop - if you never do it right, how would you
know when and how to do it right when you need to?
Tino
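The whitelist approach Tino argues for, written out as an added example (this is not code from the thread or from either poster). It assumes a constructed sqlite3 table named `users` with integer ids; `validate_ids`, `is_valid_id_list` and `select_in` are names chosen here. The only thing string formatting contributes to the query is a run of `?` placeholders; the data itself is bound by the driver, and the list is accepted only if every element is a genuine integer.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example, not from the original thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return conn


def validate_ids(ids):
    """Whitelist: return a list of plain ints, or raise TypeError.

    bool is a subclass of int in Python, so it is excluded explicitly;
    strings (even digit-only ones) are rejected rather than 'cleaned'.
    """
    cleaned = []
    for x in ids:
        if isinstance(x, bool) or not isinstance(x, int):
            raise TypeError("id list must contain integers only, got %r" % (x,))
        cleaned.append(x)
    return cleaned


def is_valid_id_list(ids):
    # Convenience predicate for callers that want a yes/no answer.
    try:
        validate_ids(ids)
    except TypeError:
        return False
    return True


def select_in(conn, ids):
    """SELECT ... IN (...) with one bound parameter per list element."""
    cleaned = validate_ids(ids)
    if not cleaned:
        # 'IN ()' is not valid SQL; an empty whitelist simply matches nothing.
        return []
    # Formatting builds only the placeholder list, never the values.
    placeholders = ",".join("?" for _ in cleaned)
    sql = "SELECT name FROM users WHERE id IN (%s) ORDER BY id" % placeholders
    return [row[0] for row in conn.execute(sql, cleaned)]


if __name__ == "__main__":
    db = make_db()
    print(select_in(db, [1, 3]))
    print(is_valid_id_list(["1) OR 1=1 --"]))
```

Binding the values through the driver means a string element could never alter the statement either, but the whitelist rejects it up front so a bad caller fails loudly instead of silently returning an odd result.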