On Wed, Jul 30, 2008 at 11:17 AM, Guido van Rossum <[EMAIL PROTECTED]> wrote: > On Mon, Jul 21, 2008 at 10:41 AM, A.M. Kuchling <[EMAIL PROTECTED]> wrote: >> On Mon, Jul 21, 2008 at 03:53:18PM +0000, Antoine Pitrou wrote: >>> The underscore at the beginning of _sre clearly indicates that the module is >>> not recommended for direct consumption, IMO. Even the functions that don't >>> themselves start with an underscore... >> >> Sure, but if someone is trying to break in or DoS your application >> server, they don't care if the module starts with an underscore or >> not. >> >> To answer Victor's original question: the parser & compiler that turn >> a regex into bytecode is written in Python. I can't think of a way to >> prevent other Python modules from importing _sre or accessing the >> compile() function; if nothing else, code could always do 'import re ; >> re.sre_compile._sre.compile(...)'. > > I've written a re-code verifier for the Google App Engine. I have > permission to open source this, hopefully I will get to this before > 2.6 beta 3.
The code is now in the bug tracker: http://bugs.python.org/issue3487 I'll hold off submitting for a while until Barry has had the time to veto it (or hopefully not :-). -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
