On Wed, 20 Apr 2011 19:26:44 +1000, Chris Angelico <ros...@gmail.com> wrote:
> Yes, but the other half of the issue is that you have to treat
> anything that comes over the network as "user input", even if you
> think it's from your own program that you control.

Sure.

> Buffer overruns can happen in all sorts of places; SQL injection can
> only happen where you talk to the database. And it IS just a matter of
> using a magic auto-escape function, if your library is set up right -

No. Not all data is strings.

> Not at all; just never *trust* user input. Where thou typest foo,
> someone someday will type...

I never *trust* the user *blindly* as you do with your magic-escape-function
so where do we disagree?

Greets
Basti
-- http://mail.python.org/mailman/listinfo/python-list
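
An added illustration of the escaping-versus-binding question discussed in this message (not code from either poster): quote escaping only protects a value placed inside a quoted string literal, while a bound parameter stays a value whatever its type. The `escape_quotes` helper, the `accounts` table, and all sample data are hypothetical and constructed for this example; it uses Python's standard `sqlite3` module.

```python
import sqlite3

def escape_quotes(value):
    # Hypothetical "magic escape" helper: doubles single quotes for a SQL string literal.
    return str(value).replace("'", "''")

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, avatar BLOB)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [(1, "alice", b"\x00\x01"), (2, "bob", None), (3, "o'neil", b"'")],
    )
    return db

def owners_by_id_escaped(db, account_id):
    # The value lands in a numeric context, outside any quotes, so quote
    # escaping changes nothing and the input is parsed as SQL.
    sql = "SELECT owner FROM accounts WHERE id = " + escape_quotes(account_id)
    return [row[0] for row in db.execute(sql + " ORDER BY id")]

def owners_by_id_bound(db, account_id):
    # A bound parameter is always a value, never SQL text, whatever its type.
    rows = db.execute("SELECT owner FROM accounts WHERE id = ? ORDER BY id", (account_id,))
    return [row[0] for row in rows]

def owners_by_avatar(db, avatar):
    # bytes and None bind as BLOB and NULL; no string escaping is involved.
    rows = db.execute("SELECT owner FROM accounts WHERE avatar IS ? ORDER BY id", (avatar,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed input containing no quote characters
    print(owners_by_id_escaped(db, hostile))  # every row matches
    print(owners_by_id_bound(db, hostile))    # no row matches
    print(owners_by_id_bound(db, 3))
    print(owners_by_avatar(db, b"'"))
    print(owners_by_avatar(db, None))
```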