On 1/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On 12:37 am, [EMAIL PROTECTED] wrote:
>
> >For security reasons I might be asking for file's constructor to be
> >removed from the type for Python source code at some point (it can be
> >relocated to an extension module if desired).  By forcing people to go
> >through open() to create a file object you can more easily control
> >read/write access to the file system (assuming the proper importation
> >of extension modules has been blocked).  Not removing the constructor
> >allows any code that has been explicitly given a file object but not
> >open() to just get the class and call the constructor to open a new
> >file.
>
> This is a general problem with type access.  Secure versions of any type
> should not allow access to the type, period.  It is hardly unique to files,
> and is not limited to constructors either.  How do you, e.g., allow a
> restricted piece of code write access to only a specified area of the
> filesystem?
>

Wrapper around open() that does proper checking of its arguments.  I
will be discussing my security stuff at PyCon if you are attending and
are interested.

-Brett
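
An added illustration, not code from this thread or from CPython: one way a wrapper around open() can check its arguments so that writes are confined to a single directory. The names `make_restricted_open`, `AccessDenied` and `demo` are hypothetical, the policy (reads allowed anywhere, writes only under one root) is an assumption, and the check only holds if restricted code cannot reach the real open() or the file type, as discussed above.

```python
import os
import tempfile

class AccessDenied(PermissionError):
    """Raised when a request falls outside the policy."""

def make_restricted_open(write_root, real_open=open):
    """Return an open()-like callable that allows writes only under write_root."""
    root = os.path.realpath(write_root)

    def restricted_open(path, mode="r", encoding=None):
        # Only path strings: an integer fd would bypass the path check.
        if not isinstance(path, str):
            raise AccessDenied("path must be a string")
        if not isinstance(mode, str) or set(mode) - set("rwaxbt+"):
            raise AccessDenied("unsupported mode %r" % (mode,))
        # realpath() collapses '..' and follows symlinks before the comparison.
        target = os.path.realpath(path)
        wants_write = any(c in mode for c in "wax+")
        if wants_write and os.path.commonpath([root, target]) != root:
            raise AccessDenied("write outside %s denied" % root)
        return real_open(target, mode, encoding=encoding)

    return restricted_open

def demo():
    """Exercise the wrapper on constructed paths in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        sandbox = os.path.join(base, "sandbox")
        os.mkdir(sandbox)
        outside = os.path.join(base, "outside.txt")
        link = os.path.join(sandbox, "link.txt")
        os.symlink(outside, link)  # symlink inside the root, target outside
        ropen = make_restricted_open(sandbox)
        with ropen(os.path.join(sandbox, "ok.txt"), "w") as f:
            f.write("allowed")
        results["inside"] = os.path.exists(os.path.join(sandbox, "ok.txt"))
        attempts = {"absolute": outside, "symlink": link,
                    "dotdot": os.path.join(sandbox, "..", "outside.txt")}
        for label, path in attempts.items():
            try:
                ropen(path, "w").close()
                results[label] = "opened"
            except AccessDenied:
                results[label] = "denied"
        results["outside_created"] = os.path.exists(outside)
    return results
```

The path check and the open are separate steps, so code that can create or swap symlinks under the root between them can still race the check.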