[Python-checkins] r51652 - python/branches/bcannon-objcap/securing_python.txt
brett.cannon
python-checkins at python.org
Wed Aug 30 20:58:44 CEST 2006
Author: brett.cannon
Date: Wed Aug 30 20:58:44 2006
New Revision: 51652
Modified:
python/branches/bcannon-objcap/securing_python.txt
Log:
Clean up 'import' section of 'Implementation'.
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt (original)
+++ python/branches/bcannon-objcap/securing_python.txt Wed Aug 30 20:58:44 2006
@@ -430,9 +430,7 @@
be imported. All .py files will be imported.
XXX perhaps augment 'sys' so that you list the extension of files that
-can be used for importing? Thought this was controlled somewhere
-already but can't find it. It is returned by ``imp.get_suffixes()``,
-but I can't find where to set it from Python code.
+can be used for importing? It is returned by ``imp.get_suffixes()``.
It must be warned that importing any C extension module is dangerous.
Not only are they able to circumvent security measures by executing C
@@ -470,6 +468,9 @@
function create a new import function based on an interpreter passed
in, etc.).
+One can also implement a PEP 302 import object that takes the proper
+precautions of not exposing power needlessly.
+
Sanitizing Built-In Types
-------------------------
More information about the Python-checkins
mailing list