In article <20efdb6a-c1a5-47dc-8546-7c4ae548e...@g1g2000pra.googlegroups.com>, Carl Banks <pavlovevide...@gmail.com> wrote: >On Jul 22, 8:38=A0pm, a...@pythoncraft.com (Aahz) wrote: >> In article <f3d88edf-b5d3-43e4-89a3-b05ef0f55...@p28g2000vbn.googlegroups= >.com>, >> Carl Banks =A0<pavlovevide...@gmail.com> wrote: >>> >>>You have to be REALLY REALLY careful not to pass any user-supplied >>>data to it if this is a server running on your computer, of course. >> >> Unless, of course, your users are paying for this service. > >Well, yes, but I assume that by the time you're deliberately letting >users pay to run their programs on your server, you will already have >deployed a full-blown, multi-tiered security strategy that includes >validation by the server process. That was sort of beyond the scope >of the OP's question.
That's not necessarily a good assumption. -- Aahz (a...@pythoncraft.com) <*> http://www.pythoncraft.com/ "At Resolver we've found it useful to short-circuit any doubt and just refer to comments in code as 'lies'. :-)" --Michael Foord paraphrases Christian Muirhead on python-dev, 2009-03-22 -- http://mail.python.org/mailman/listinfo/python-list
