Duncan Booth <[EMAIL PROTECTED]> writes: > In other words, I'm intrigued how you managed to come up with something you > consider to be a security issue with Python since Python offers no > security. Perhaps, without revealing the actual issue in question, you > could give an example of some other situation which, if it came up in > Python you would consider to be a security issue?
Until fairly recently, the pickle module was insufficiently documented as being unsafe to use with hostile data, so people used it that way. As a result, the Cookie module's default settings allowed remote attackers to take over Python web apps. See SF bug 467384. -- http://mail.python.org/mailman/listinfo/python-list
