[issue19082] Lib/xmlrpc/client.py demo code points to the dead server
Vajrasky Kok
report at bugs.python.org
Mon Oct 14 12:42:15 CEST 2013
Vajrasky Kok added the comment:
Hi, Senthil Kumaran, thank you for your review.
I have one small complaint about your improved patch. Perhaps we need to give a security warning in the documentation when they want to use the allow_dotted_names feature. I omitted the warning in the demo because it is just a demo.
From the source code (Lib/xmlrpc/server.py):
*** SECURITY WARNING: ***
Enabling the allow_dotted_names options allows intruders
to access your module's global variables and may allow
intruders to execute arbitrary code on your machine. Only
use this option on a secure, closed network.
Whether we want to give a separate example without the allow_dotted_names feature or use an example without the allow_dotted_names feature entirely, I am not really sure.
What do you say?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19082>
_______________________________________
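
An added example (not part of the original message, the patch, or the CPython source) showing what the warning quoted above means in practice: with allow_dotted_names enabled, a dotted method name walks through attributes of the registered instance, so objects that were never meant to be remote methods become callable. Service, Settings, call, build and build_allowlisted are hypothetical names, and the token value is constructed.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher


class Settings:
    """Constructed helper object, not intended to be reachable over XML-RPC."""

    def __init__(self):
        self.api_token = "constructed-secret"  # constructed sample value

    def get_token(self):
        return self.api_token


class Service:
    """Constructed service whose only intended remote method is ping()."""

    def __init__(self):
        self.settings = Settings()

    def ping(self):
        return "pong"


def build(allow_dotted_names):
    """Dispatcher with the whole instance registered, as in the demo under review."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(Service(), allow_dotted_names=allow_dotted_names)
    return dispatcher


def build_allowlisted():
    """Dispatcher that exposes only explicitly registered functions."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_function(Service().ping, "ping")
    return dispatcher


def call(dispatcher, method, params=()):
    """Dispatch a method name the way the server does, without any network."""
    try:
        return dispatcher._dispatch(method, params)
    except Exception as exc:  # the dispatcher raises a plain Exception
        return "rejected: %s" % exc


if __name__ == "__main__":
    for label, d in (("dotted on", build(True)), ("dotted off", build(False)),
                     ("allowlist", build_allowlisted())):
        for name in ("ping", "settings.get_token", "settings._hidden"):
            print("%-10s %-20s -> %s" % (label, name, call(d, name)))
```

Names starting with an underscore are refused in every mode, but that check does not cover public attributes of nested objects, which is why the source restricts the option to closed networks.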