Re: security quirk

2013-01-31 Thread Gandalf Parker
RichD contributed wisdom to news:badd4188-196b- [email protected]: > On Jan 30, Gandalf Parker > wrote: >> > Web gurus, what's going on? >> >> That is the fault of the site itself. >> If they are going to block access to users then they should also block >> ac

Re: security quirk

2013-01-30 Thread Arne Vajhøj
On 1/29/2013 11:55 PM, RichD wrote: I read Wall Street Journal, and occasionally check articles on their Web site. It's mostly free, with some items available to subscribers only. It seems random, which ones they block, about 20%. Anywho, sometimes I use their search utility, the usual author

Re: security quirk

2013-01-30 Thread alex23
On Jan 31, 5:39 am, RichD wrote: > well yeah, but what's going on, under the hood? > How does it get confused?  How could this > happen?  I'm looking for some insight, regarding a > hypothetical programming glitch - As has been stated, this has nothing to do with Python, so please stop posting yo

Re: security quirk

2013-01-30 Thread Auric__
Martin Musatov wrote: > On Jan 29, 8:55 pm, RichD wrote: >> I read Wall Street Journal, and occasionally check > [snip] > > Ignoring the big ol' unnecessary crosspost... What the fuck? -- Oooh, I just learned a new euphemism. -- http://mail.python.org/mailman/listinfo/python-list

Re: security quirk

2013-01-30 Thread Big Bad Bob
On 01/29/13 20:55, RichD so wittily quipped: I read Wall Street Journal, and occasionally check articles on their Web site. It's mostly free, with some items available to subscribers only. It seems random, which ones they block, about 20%. Anywho, sometimes I use their search utility, the usua

Re: security quirk

2013-01-30 Thread Joel Goldstick
On Wed, Jan 30, 2013 at 2:39 PM, RichD wrote: > On Jan 30, Gandalf Parker > wrote: > > > Web gurus, what's going on? > > > > That is the fault of the site itself. > > If they are going to block access to users then they should also block > > access to the automated spiders that hit the site to

Re: security quirk

2013-01-30 Thread RichD
On Jan 30, Gandalf Parker wrote: > > Web gurus, what's going on? > > That is the fault of the site itself. > If they are going to block access to users then they should also block > access to the automated spiders that hit the site to collect data. well yeah, but what's going on, under the hood?

Re: security quirk

2013-01-30 Thread Gandalf Parker
RichD contributed wisdom to news:b968c6c6-5aa9- [email protected]: > Web gurus, what's going on? > That is the fault of the site itself. If they are going to block access to users then they should also block access to the automated spiders that hit the site t

Re: security quirk

2013-01-30 Thread Martin Musatov
On Jan 29, 8:55 pm, RichD wrote: > I read Wall Street Journal, and occasionally check 00commentBegin 01comment 02commentEnd 03 04 (); Open

Re: security quirk

2013-01-29 Thread Chris Rebert
On Tue, Jan 29, 2013 at 8:55 PM, RichD wrote: > I read Wall Street Journal, and occasionally check > articles on their Web site. It's mostly free, with some items > available to subscribers only. It seems random, which ones > they block, about 20%. > > Anywho, sometimes I use their search utilit

Re: security quirk

2013-01-29 Thread Rodrick Brown
On Tue, Jan 29, 2013 at 11:55 PM, RichD wrote: > I read Wall Street Journal, and occasionally check > articles on their Web site. It's mostly free, with some items > available to subscribers only. It seems random, which ones > they block, about 20%. > > Anywho, sometimes I use their search util

Re: Security test of embedded Python

2011-06-22 Thread Irmen de Jong
On 22-6-2011 4:44, Chris Angelico wrote: > Followup: The test box has been administratively taken offline after > about an hour of testing. Thank you to everyone who participated; it > seems we have a lot of changes to make! > > Monty failed the test. But it was an incredibly successful test. And

Re: Security test of embedded Python

2011-06-21 Thread Dennis
Hi, The Google App Engine product seems to sandbox Python code, however it comes with a lot of limitations and maybe those can be an inspiration for how you design your infrastructure. http://code.google.com/appengine/docs/python/overview.html http://code.google.com/appengine/kb/commontasks.html

Re: Security test of embedded Python

2011-06-21 Thread Paul Rubin
Chris Angelico writes: > Meanwhile, I'm looking into V8 and whether we can do everything we > need to that way, and how much dev time it's going to take me to > change languages... If you want to run Python, one obvious approach is a controlled-execution wrapper like Geordi uses.

Re: Security test of embedded Python

2011-06-21 Thread Chris Angelico
On Wed, Jun 22, 2011 at 1:09 PM, Benjamin Kaplan wrote: > Use Pyjamas with that and now you have your sandboxed Python :) > Not a day goes past without a reminder that I haven't yet explored Pyjamas! :) Monty's back online now in a restricted environment. I'm going to a meeting in a couple of ho

Re: Security test of embedded Python

2011-06-21 Thread Benjamin Kaplan
On Tue, Jun 21, 2011 at 7:40 PM, Paul Rubin wrote: > Chris Angelico writes: >> I'll also be looking into Pike. Unfortunately its community is far >> smaller than Python's, so security holes may be less obvious. > > Actually the most obvious and widespread sandboxed language these days > is Javasc

Re: Security test of embedded Python

2011-06-21 Thread Paul Rubin
Chris Angelico writes: > I'll also be looking into Pike. Unfortunately its community is far > smaller than Python's, so security holes may be less obvious. Actually the most obvious and widespread sandboxed language these days is Javascript. There's several embeddable implementations. Maybe you

Re: Security test of embedded Python

2011-06-21 Thread Chris Angelico
Followup: The test box has been administratively taken offline after about an hour of testing. Thank you to everyone who participated; it seems we have a lot of changes to make! Monty failed the test. But it was an incredibly successful test. And hopefully, we'll be bringing things back online for

Re: Security test of embedded Python

2011-06-21 Thread Chris Angelico
On Wed, Jun 22, 2011 at 12:02 PM, Paul Rubin wrote: > Chris Angelico writes: >> users to supply scripts which will then run on our servers... >> The environment is Python 3.3a0 embedded in C++, running on Linux. > > This doesn't sound like a bright idea, given the well-known difficulty > of sandb

Re: Security test of embedded Python

2011-06-21 Thread Paul Rubin
Chris Angelico writes: > users to supply scripts which will then run on our servers... > The environment is Python 3.3a0 embedded in C++, running on Linux. This doesn't sound like a bright idea, given the well-known difficulty of sandboxing Python. Geordi

Re: Security implications of using open() on untrusted strings.

2008-11-26 Thread Jorgen Grahn
On Tue, 25 Nov 2008 23:37:25 +0100, News123 <[EMAIL PROTECTED]> wrote: > Jorgen Grahn wrote: >> Compare with a language (does Perl allow this?) where if the string >> is "rm -rf /|", open will run "rm -rf /" and start reading its output. >> *That* interface would have been > Good example. (

Re: Security implications of using open() on untrusted strings.

2008-11-25 Thread News123
Jorgen Grahn wrote: > Compare with a language (does Perl allow this?) where if the string > is "rm -rf /|", open will run "rm -rf /" and start reading its output. > *That* interface would have been Good example. (for perl): The problem doesn't exist in python open("rm -rf / |") would try t

Re: Security implications of using open() on untrusted strings.

2008-11-25 Thread Jorgen Grahn
On Tue, 25 Nov 2008 02:26:32 -0500, r0g <[EMAIL PROTECTED]> wrote: > Jorgen Grahn wrote: ... >> Or am I missing something? > No Jorgen, that's exactly what I needed to know i.e. that sending > unfiltered text to open() is not negligent or likely to allow any > badness to occur. > > As far as what

Re: Security implications of using open() on untrusted strings.

2008-11-25 Thread Jorgen Grahn
On Tue, 25 Nov 2008 20:40:57 +1300, Lawrence D'Oliveiro <[EMAIL PROTECTED]> wrote: > Jorgen Grahn wrote: > >> Seems to me you simply want to know beforehand that the reading will >> work. But you can never check that! You can stat(2) the file, or >> open-and-close it -- and then a microsecond la

Re: Security implications of using open() on untrusted strings.

2008-11-24 Thread Lawrence D'Oliveiro
Jorgen Grahn wrote: > Seems to me you simply want to know beforehand that the reading will > work. But you can never check that! You can stat(2) the file, or > open-and-close it -- and then a microsecond later, someone deletes the > file, or replaces it with another one, or write-protects it, or

Re: Security implications of using open() on untrusted strings.

2008-11-24 Thread r0g
Jorgen Grahn wrote: > On Mon, 24 Nov 2008 00:44:45 -0500, r0g <[EMAIL PROTECTED]> wrote: >> Hi there, >> >> I'm trying to validate some user input which is for the most part simple >> regexery however I would like to check filenames and I would like this >> code to be multiplatform. >> >> I had hop

Re: Security implications of using open() on untrusted strings.

2008-11-24 Thread Jorgen Grahn
On Mon, 24 Nov 2008 00:44:45 -0500, r0g <[EMAIL PROTECTED]> wrote: > Hi there, > > I'm trying to validate some user input which is for the most part simple > regexery however I would like to check filenames and I would like this > code to be multiplatform. > > I had hoped the os module would have a

Re: Security implications of using open() on untrusted strings.

2008-11-24 Thread Terry Reedy
r0g wrote: Yep, I spotted that too which is why white-listing is my fallback plan. My question is really about the security of using unfiltered data in a filesystem function though. Are there particular exploits that could make use of such unfiltered calls? The classic one would be submitting

Re: Security implications of using open() on untrusted strings.

2008-11-24 Thread Thomas Bellman
r0g <[EMAIL PROTECTED]> wrote: > Although it's a desktop (not internet facing) app I'm a little squeamish > piping raw user input into a filesystem function like that and this app > will be dealing with some particularly sensitive data so I want to be > careful and minimize exposure where practica

Re: Security implications of using open() on untrusted strings.

2008-11-24 Thread r0g
Steven D'Aprano wrote: > On Mon, 24 Nov 2008 00:44:45 -0500, r0g wrote: > >> Hi there, >> >> I'm trying to validate some user input which is for the most part simple >> regexery however I would like to check filenames and I would like this >> code to be multiplatform. >> >> I had hoped the os modu

Re: Security implications of using open() on untrusted strings.

2008-11-23 Thread Steven D'Aprano
On Mon, 24 Nov 2008 00:44:45 -0500, r0g wrote: > Hi there, > > I'm trying to validate some user input which is for the most part simple > regexery however I would like to check filenames and I would like this > code to be multiplatform. > > I had hoped the os module would have a function that wo

Re: security code whit python

2007-11-11 Thread Wildemar Wildenburger
Ahh, crap! Wildemar Wildenburger wrote: > [EMAIL PROTECTED] wrote: >> have you got any example?pls :S >> > I suggest you learn to use internet search. And if you already know it, > please use it before asking that. 10 seconds of search (!) and I had: > Make that 2 seconds: > http://www.google.de

Re: security code whit python

2007-11-11 Thread Wildemar Wildenburger
[EMAIL PROTECTED] wrote: > I have setuped pyx i wonder i have mistake? > You need a running TeX/LaTeX system for pyx. Sorry, forgot about that. Also, I suggest you follow Scott's advice in reading <http://www.catb.org/~esr/faqs/smart-questions.html>. If you're really looking for a way to generate

Re: security code whit python

2007-11-11 Thread Wildemar Wildenburger
[EMAIL PROTECTED] wrote: > have you got any example?pls :S > I suggest you learn to use internet search. And if you already know it, please use it before asking that. 10 seconds of search (!) and I had: <http://www.google.de/search?hl=de&q=pil%20python%20examples&btnG=Google-Suche&meta=> and fro

Re: security code whit python

2007-11-11 Thread Piet van Oostrum
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> (oc) wrote: >oc> thank you >oc> but it said """ >oc> Traceback (most recent call last): >oc> File "", line 1, in >oc> c.text(0, 0, "Hello, world!") >oc> File "C:\web\apache\python\lib\pyx\canvas.py", line 309, in text >oc> return self.inse

Re: security code whit python

2007-11-11 Thread Scott David Daniels
[EMAIL PROTECTED] wrote: > On 10 Nov, 23:57, Wildemar Wildenburger > I have setuped pyx i wonder i have mistake? So far you seem to be treating this group as a free help desk for a program you have paid thousands of dollars for. See http://www.catb.org/~esr/faqs/smart-questions.html You'

Re: security code whit python

2007-11-10 Thread [EMAIL PROTECTED]
On 10 Nov, 23:57, Wildemar Wildenburger <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > I want to create picture of security code.can i do it ? > > I don't know what you mean by "security code". > > I take it you want to create technical diagrams, from a sort of > algorithmic descriptio

Re: security code whit python

2007-11-10 Thread Paul Rubin
Wildemar Wildenburger <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] wrote: > > I want to create picture of security code.can i do it ? > I don't know what you mean by "security code". I think that means a captcha (www.captcha.net).

Re: security code whit python

2007-11-10 Thread Wildemar Wildenburger
[EMAIL PROTECTED] wrote: > I want to create picture of security code.can i do it ? I don't know what you mean by "security code". I take it you want to create technical diagrams, from a sort of algorithmic description? PIL might help you, as paulC pointed out. It works on raster images (bitmap

Re: security code whit python

2007-11-10 Thread [EMAIL PROTECTED]
have you got any example?pls :S

Re: security code whit python

2007-11-10 Thread paulC
On 10 Nov, 16:04, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > hii my friends; > I want to create picture of security code.can i do it ? > if yes,how , which module will help me? > have you got a example that can create a picture with my name > pls help me > thanks > oruc You may find the Pyt

Re: security code whit python

2007-11-10 Thread [EMAIL PROTECTED]
wha :S

Re: security code whit python

2007-11-10 Thread Thorsten Kampe
* [EMAIL PROTECTED] (Sat, 10 Nov 2007 21:15:13 -) > is there anybody here !!! The Internet has gone home. Come again tomorrow... T.

Re: security code whit python

2007-11-10 Thread [EMAIL PROTECTED]
is there anybody here !!!

Re: Security Descriptor and CoInitializeSecurity

2006-12-02 Thread Roger Upole
Huayang Xia wrote: > I'd like to call pythoncom.CoInitializeSecurity with a > PySecurityDescriptor object to set the process-wide security values. > But I'm not able to find a way to let the code go through. > > I have read MSDN and searched web, I've not been able to find answer. I > cooked a sec

Re: SECURITY ADVISORY [PSF-2006-001] Buffer overrun in repr() for UCS-4 encoded unicode strings

2006-10-12 Thread Anthony Baxter
On Thursday 12 October 2006 17:31, Anthony Baxter wrote: >SECURITY ADVISORY [PSF-2006-001] > Buffer overrun in repr() for UCS-4 encoded unicode strings > > http://www.python.org/news/security/PSF-2006-001/ As a few people noted in email to me - the patch directory was not _quite_

Re: security

2005-10-25 Thread Mike Meyer
"Mattia Adami" <[EMAIL PROTECTED]> writes: > Hi to all. > I'm interested in writing a plugin for browsers that can execute python > code. > I know the main problem is security. Many threads were opened about this > in the ng. > I would know if fork python rewriting some library could avoid > problems

Re: security

2005-10-25 Thread Bruno Desthuilliers
Mattia Adami wrote: > Hi to all. > I'm interested in writing a plugin for browsers that can execute python > code. > I know the main problem is security. Many threads were opened about this > in the ng. > I would know if fork python rewriting some library could avoid > problems. I.e. one problem is

Re: Security on XML-RPC

2005-10-25 Thread John Abel
dcrespo wrote: >Hi all, > >Anyone knows a simpler but stronger control access to XML-RPC functions >than the one I comment here? > >My actual system works like this: > >I have a TCP Server and an XML-RPC Server. Both of them verify if the >IP address is allowed. > >The TCP Server works for validat