Op do, 20-04-2006 te 16:27 +0100, schreef Guido van Rossum:
> On 4/20/06, Walter Dörwald <[EMAIL PROTECTED]> wrote:
> > Guido van Rossum wrote:
> > > Importing from remote URLs is a non-starter from a security POV; and
> > > using HTTPS would be too slow. For code that's known to reside
> > > remotely, a better approach is to use setuptools to install that code
> > > once and for all.
> >
> > I don't see how that changes anything from a security POV. You have to
> > trust the source in both cases.
> 
> With http, even if I trusted the source, I still shouldn't trust that
> the data I get from the URL actually came from the source. With HTTPS,
> at least man-in-the-middle attacks should be thwarted.

A man-in-the-middle-attack and other ways to "inject" a different module
than intended by the author are also possible with the current default
filesystem based imports, so I don't think that's a good argument
against http-imports (or other similar extensions to import).  In both
cases you need a way to check & control the whole chain involved
(network, OS, python, ...) to make 100% sure every step is safe, that
you really import what you intended to import...


-- 
Jan Claeys

_______________________________________________
Python-3000 mailing list
Python-3000@python.org
http://mail.python.org/mailman/listinfo/python-3000
Unsubscribe: 
http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com

Reply via email to