On Mon, 2006-01-16 at 16:00 -0500, Tim Lesher wrote:
> On 1/15/06, Cliff Wells <[EMAIL PROTECTED]> wrote:
> > If anyone here develops GUI apps using wxPython, you may find this
> > interesting:
> >
> > http://blog.develix.com/archive/2006/01/15/using-turbogears-serve-wxpython-guis/
>
> This is technically very cool, but it seems to me that downloadable,
> automatically-run, unsandboxed Python code is a beautiful security
> hole just waiting to happen... :-)
>
Really? How? The URI is hardcoded into the client application, so the
only place to acquire potentially "unsafe" code is from the place where
they acquired the original application.

Of course, it's arguable that the person running the wxPython client
application must trust the developer a great deal, but I don't see where
that is ever *not* the case. Caveat emptor.

As ever, it's always possible to shoot yourself in the foot, but I fail
to see how this technique provides any novel ways of doing so.

Regards,
Cliff

