On Wed, May 09, 2001 at 06:06:33AM -0700, larry a price wrote:
> On Tue, 8 May 2001, Jacob Meuser wrote:
> > One other thing to note - perl is standard on almost every Unix-like
> > OS.  Python is not, at least not yet.  
> 
> It's standard with Red Hat and its relatives (it's behind that nice
> graphical install). It's also the implementation behind esr's latest project
> CML2, which is a build-time configurator for the linux kernel.
> 
> > I would venture to say that mod_perl
> > is in wider use than mod_python, if you're looking for web usage.
> 
> There's also Zope, which is an application server written in python and
> provides its own webserver and object persistence framework. Zope is sort
> of the Cadillac of web programming environments, very nice but rather big
> and demanding of resources.
>   
> > Does the concept of "tainted data" exist in python?  Haven't looked into
> > it thoroughly yet.  Are there any built in security features in python?
> 
> What do you mean by "tainted data"? I've heard the term before, but it was
> in Javascript context. There is a standard library module "rexec" which
> provides a restricted execution environment for executing untrusted
> code, as well as the standard regular expressions available for filtering
> out nasties from cgi input. Otherwise, it's up to you (doesn't matter what
> language).

True, the security of code first comes from the coder.  But it doesn't
hurt to have some kind of backing for any code, no matter how secure it
may seem.
Tainted data in perl is basically anything that comes into your program
from outside sources, be it a database, user input, data from a file,
whatever.  In taint mode, tainted data (at least theoretically) cannot
be used to affect anything else outside the program.  Perl goes into
taint mode automatically when it notices that real and effective
UIDs and GIDs are out of sync.  You can also enable taint mode with
the -T flag.  This is highly recommended for CGI scripts.

<[EMAIL PROTECTED]>

> 
> --larry
> 
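
The taint mode described in the message above, shown as an added example that is not part of the original thread: tainted input is refused when it reaches a shell command, and only a regex capture clears the taint. The sample file name, the allow-list pattern and the use of `ls` are constructed for illustration; run it as `perl -T taint_demo.pl [name]`.

```perl
#!/usr/bin/perl -T
# Added illustration of Perl taint mode; sample values are constructed.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also distrusts the inherited environment, so fix it first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample input. Appending a zero-length slice of "$0$^X"
# (values that come from outside the program) taints the literal the
# same way real outside input would be tainted.
my $input = 'notes.txt' . substr("$0$^X", 0, 0);
$input = $ARGV[0] if @ARGV;    # command-line arguments arrive tainted

print "tainted on arrival: ", (tainted($input) ? "yes" : "no"), "\n";

# Interpolating tainted data into a shell command is a fatal run-time
# error under -T; eval catches it so the script can report and continue.
my $ran = eval { system("ls -l $input"); 1 };
print "system() refused: $@" unless $ran;

# Untainting: a regex capture is the only way to get clean data, so the
# pattern is the policy. This allow-list (an assumption for the example)
# accepts a plain file name: no slashes, no leading dot or dash, and
# no shell metacharacters.
if ($input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/) {
    my $file = $1;
    print "tainted after match: ", (tainted($file) ? "yes" : "no"), "\n";
    # List form bypasses the shell entirely, on top of the allow-list.
    system('ls', '-l', $file);
} else {
    die "input rejected by allow-list\n";
}
```

A permissive pattern such as `/(.*)/` would also clear the taint flag, so the check is only as strong as the expression used to untaint.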
