Why Is Escaping Data Considered So Magical?
Tim Chase
python.list at tim.thechases.com
Fri Jun 25 23:29:23 EDT 2010
On 06/25/2010 07:49 PM, Lawrence D'Oliveiro wrote:
>> In the Python example, that would be something like
>> os.popen2(['zcat', '-f', '--', untrusted]).
>
> That’s what I mean. Why do people consider input sanitization
> so hard?
It's hard because it requires thinking. Sadly, many of the
people I know who call themselves programmers couldn't code their
way out of a paper bag, let alone think logically about the
security implications of their code.[1]
-tkc
[1] much of which ends up being cargo-cult programming,
cut-n-paste'd from Google search-results.
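The argv-list approach the quoted popen2 line relies on, as an added example that is not part of the original thread: a Python 3 script (subprocess in place of os.popen2, which Python 3 no longer has) that feeds deliberately awkward values to a child and checks that each one arrives as a single literal argument, with `--` keeping option-like values from being parsed as options. The child command and the sample values are constructed stand-ins for zcat and real filenames.

```python
import json
import shlex
import subprocess
import sys

# Constructed stand-in for zcat so the demonstration runs anywhere:
# a child that prints its own argv (after the script name) as a JSON list.
CHILD = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]


def argv_form(untrusted: str) -> list:
    """Pass the untrusted value as one element of an argv list.

    No shell is involved, so metacharacters are never interpreted, and the
    '--' end-of-options marker keeps a value such as '-rf' from being read
    as an option by the child.
    """
    return CHILD + ["-f", "--", untrusted]


def quoted_shell_form(untrusted: str) -> str:
    """When a shell command string is unavoidable, shlex.quote() turns the
    value into exactly one POSIX shell word; '--' still guards the option parser."""
    return " ".join(shlex.quote(a) for a in CHILD) + " -f -- " + shlex.quote(untrusted)


def child_args(cmd, shell=False) -> list:
    """Run the child and return the argv it actually received."""
    out = subprocess.run(cmd, shell=shell, capture_output=True, text=True, check=True).stdout
    return json.loads(out)


# Constructed hostile-looking values: option-like, whitespace, shell metacharacters, globs.
SAMPLES = ["-rf", "a b.gz", "x; echo injected", "$(id).gz", "`id`", "*.gz"]


def check_all() -> bool:
    """True when every sample reaches the child as the single literal argument."""
    for s in SAMPLES:
        if child_args(argv_form(s)) != ["-f", "--", s]:
            return False
        if child_args(quoted_shell_form(s), shell=True) != ["-f", "--", s]:
            return False
    return True


if __name__ == "__main__":
    print("every sample arrived as one literal argument:", check_all())
```

The shell=True branch assumes a POSIX shell; shlex.quote does not produce cmd.exe quoting.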