[Tutor] [support@deltawebhosting.com: Re: Python cgi
Terry Carroll
carroll at tjc.com
Thu Dec 25 10:01:17 EST 2003

On Thu, 25 Dec 2003, Alan Gauld wrote:

> Python has a restricted execution mode, how does it differ from
> Perl's?

Python doesn't have restricted execution any longer, does it? My
understanding is that it wasn't really robust and could be circumvented,
and it was dropped in 2.3.

> And what is tainting? I've never heard of that before?

Perl has a "taint" mode, in which variables can be classified as secure or
insecure ("tainted"), based on whether their content comes, directly or
indirectly, from user input. In this mode, a tainted variable cannot be
used in any statement that modifies a file or process.

So, if Python had a taint mode, it would work something like this:

    name = raw_input("enter your name")   # name is tainted
    filein = name + ".input"              # filein is also tainted
    fileout = name + ".output"            # as is fileout

    print "Hello, %s, your info will be taken from %s and will be saved to %s" \
        % (name, filein, fileout)         # okay, even with tainted variables

    f_in = open(filein, "r")              # okay; although filein is tainted,
                                          # this is a read-only file operation

    f_out = open(fileout, "w")            # exception; operation on a file that
                                          # modifies it, using tainted variable
                                          # fileout

--
Terry Carroll
Santa Clara, CA
carroll at tjc.com
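
Added example, not part of the original message: a small Python 3 sketch of the taint behaviour described above, in which a value read from the user stays tainted through concatenation and a modifying open() on a tainted path raises. The names Tainted, TaintError, read_input, guarded_open and untaint are hypothetical, not a Python feature; untaint goes one step beyond the post and is modelled on Perl's practice of clearing taint through a regex match.

```python
import re


class TaintError(Exception):
    """Raised when tainted data reaches an operation that modifies a file."""


class Tainted(str):
    """Hypothetical marker type: a str whose content derives from user input.

    Only concatenation propagates the mark here; a complete tracker would
    also have to cover formatting, slicing, join and so on.
    """

    def __add__(self, other):            # tainted + anything -> tainted
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):           # anything + tainted -> tainted
        return Tainted(str.__add__(other, self))


def read_input(raw):
    """Stand-in for raw_input(): everything from the user starts tainted."""
    return Tainted(raw)


def untaint(value, pattern):
    """Return a plain str only if the whole value matches an allow-list regex."""
    if re.fullmatch(pattern, value) is None:
        raise TaintError("value %r fails allow-list %r" % (str(value), pattern))
    return str(value)                    # str() of a subclass yields an exact str


def guarded_open(path, mode="r"):
    """open() wrapper: reads pass, modifying modes refuse a tainted path."""
    if isinstance(path, Tainted) and set(mode) & set("wax+"):
        raise TaintError("tainted path %r opened with mode %r" % (str(path), mode))
    return open(path, mode)


if __name__ == "__main__":
    name = read_input("alice")           # constructed sample input
    fileout = name + ".output"           # still tainted
    try:
        guarded_open(fileout, "w")
    except TaintError as exc:
        print("blocked:", exc)
    print("clean name:", untaint(name, r"[A-Za-z0-9_]+"))
```
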