On 6/26/21 1:55 PM, Marc-Andre Lemburg wrote:
> On 26.06.2021 21:32, Ethan Furman wrote:
>> In most cases I would agree with you, but in this case the object is security
>> sensitive, and security should be much more rigorous in ensuring correctness.
>
> Isn't this more an issue of API design rather than Python's
> flexibility when it comes to defining attributes ?
I think it's both, with the majority of the responsibility being on the API
design.
> IMO, a security relevant API should not use direct attribute
> access for adjusting important parameters. Those should always
> be done using functions or method calls which apply extra sanity
> checks and highlight issues in form of exceptions.
Agreed -- but Python's nature makes it easy to use attribute access to make adjustments, and that should also be
constrained in security conscious objects.
--
~Ethan~
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/W37274R4WDTRXG2Y2U4RPTFHWXBEGZFE/
Code of Conduct: http://python.org/psf/codeofconduct/
