Op do, 20-04-2006 te 16:27 +0100, schreef Guido van Rossum: > On 4/20/06, Walter Dörwald <[EMAIL PROTECTED]> wrote: > > Guido van Rossum wrote: > > > Importing from remote URLs is a non-starter from a security POV; and > > > using HTTPS would be too slow. For code that's known to reside > > > remotely, a better approach is to use setuptools to install that code > > > once and for all. > > > > I don't see how that changes anything from a security POV. You have to > > trust the source in both cases. > > With http, even if I trusted the source, I still shouldn't trust that > the data I get from the URL actually came from the source. With HTTPS, > at least man-in-the-middle attacks should be thwarted.
A man-in-the-middle-attack and other ways to "inject" a different module than intended by the author are also possible with the current default filesystem based imports, so I don't think that's a good argument against http-imports (or other similar extensions to import). In both cases you need a way to check & control the whole chain involved (network, OS, python, ...) to make 100% sure every step is safe, that you really import what you intended to import... -- Jan Claeys _______________________________________________ Python-3000 mailing list Python-3000@python.org http://mail.python.org/mailman/listinfo/python-3000 Unsubscribe: http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
