string interpolation for python
Adrian Hunt
cyborgv2 at hotmail.com
Sat Mar 31 05:17:16 EDT 2012
Hi Yingjie,
Consider this snippet of "safe" code:
| enc = bobsencryption.Encoder('Some secret key')
|
| username = raw_input('Enter your username:')
| password = raw_input('Enter your password:')
|
| print
| print username + ', please wait while we dial-up and log you in...'
|
| connection = server.dialup('00441635074745')
| connection.send('login ' + enc([username, password]))
Code like this could already be out there and safe-ish (well, if
they've included a little validation and error-checking.) Now consider
that your $formatting$ is added and the "company" upgrades Python,
resulting in the following:
| Enter your username: $enc.key$
| Enter your password: dontneedone
|
| Some secret key, please wait while we dial-up and log you in...
It could break old code... okay, you may say you shouldn't allow
certain characters but if they're printable and used in a controlled
environment those characters can dramatically increase the security
of a username and password.
Adrian
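
The scenario in the message above, as an added example that is not part of the original post: a minimal expander for the $name.attr$ syntax, applied once to a string that already contains user input and once to a programmer-written template only. The interpolate() helper, the Encoder stand-in and the function names are assumptions made for illustration; they are not the proposal's implementation.

```python
import re

class Encoder:
    """Constructed stand-in for the post's bobsencryption.Encoder."""
    def __init__(self, key):
        self.key = key

# A field is $name$ or $name.attr.attr$ (assumed syntax, taken from the post).
_FIELD = re.compile(r"\$([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)\$")

def interpolate(text, namespace):
    """Hypothetical expander: resolve dotted names against `namespace`."""
    def resolve(match):
        first, *attrs = match.group(1).split(".")
        if first not in namespace:
            return match.group(0)      # unknown name: leave the field as typed
        value = namespace[first]
        for attr in attrs:
            value = getattr(value, attr)
        return str(value)
    # re.sub inserts the returned text literally; it is not scanned again.
    return _FIELD.sub(resolve, text)

SUFFIX = ", please wait while we dial-up and log you in..."

def greet_unsafe(username, scope):
    # Expansion runs over the finished string, so a field typed by the user
    # is resolved against the program's own variables.
    return interpolate(username + SUFFIX, scope)

def greet_safe(username):
    # Expansion runs over the programmer's template only; the user's text is
    # a value substituted once, with nothing else in the namespace.
    return interpolate("$username$" + SUFFIX, {"username": username})

def contains_field(text):
    """Check for input that would be expanded if it reached interpolate()."""
    return _FIELD.search(text) is not None

if __name__ == "__main__":
    enc = Encoder("Some secret key")   # constructed sample key from the post
    typed = "$enc.key$"                # constructed sample input from the post
    print(greet_unsafe(typed, {"enc": enc}))
    print(greet_safe(typed))
    print(contains_field(typed), contains_field("pa$$word"))
```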