configparser v/s file variables

Steven D'Aprano steve+comp.lang.python at pearwood.info
Wed Jun 27 18:19:04 EDT 2018


On Wed, 27 Jun 2018 12:15:23 -0700, Jim Lee wrote:

> It seems a bit silly to me to worry about arbitrary code execution in an
> interpreted language like Python whose default runtime execution method
> is to parse the source code directly.  An attacker would be far more
> likely to simply modify the source to achieve his ends rather than try
> to inject a payload externally.

Spoken like a single user on a single-user machine who has administrator 
privileges and can write to anything anywhere.



-- 
Steven D'Aprano
"Ever since I learned about confirmation bias, I've been seeing
it everywhere." -- Jon Ronson



