On Sat, Oct 10, 2009 at 5:31 AM, Didar Hossain <didar.hoss...@gmail.com> wrote:
> Hi,
>
> This is a little off-topic, but, I though I might put this question in.
>
> Since I am learning Python, I was wondering if there are any good
> references on secure coding practices. Books, guides or even any howtos
> would suffice.
I don't know any references, but a few tips:
- don't use eval or exec on untrusted code
- don't unpickle data from an untrusted source
- don't use string formatting to create SQL statements
- use the two-argument form of execute() to pass args as a sequence
- AFAIK there is no generally accepted, secure sandbox for running untrusted Python code (other than Google App Engine I guess) so don't run untrusted code

Kent
_______________________________________________
Tutor maillist - Tutor@python.org
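The SQL tips above (avoid string formatting, use the two-argument form of execute()) side by side, as an added example that is not part of the thread. It uses the standard-library sqlite3 module with an in-memory database and a small constructed user table; the function names and sample rows are my own.

```python
import sqlite3

# Constructed sample rows for an in-memory database (not from the original post).
SAMPLE_USERS = [
    ("alice", "alice@example.org"),
    ("bob", "bob@example.org"),
    ("o'neil", "oneil@example.org"),  # a legitimate name containing a quote
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    # executemany() with a parameter sequence is already the safe pattern.
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """The pattern the reply warns against: the value is pasted into the SQL
    text with string formatting, so any quote character in it becomes part of
    the statement instead of part of the data."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Two-argument execute(): the SQL text is fixed and the value is passed
    as a sequence, so the driver binds it as data no matter what it contains."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def lookup_safe_named(conn, name):
    """Same idea with sqlite3's named placeholders and a mapping of parameters."""
    sql = "SELECT email FROM users WHERE name = :name"
    return [row[0] for row in conn.execute(sql, {"name": name})]


def demo():
    """Run both lookups on an ordinary name and on a name with an apostrophe."""
    conn = make_db()
    results = {}
    # An ordinary name works either way, which is why the bug is easy to miss.
    results["plain"] = (lookup_unsafe(conn, "alice"), lookup_safe(conn, "alice"))
    # The quote in "o'neil" terminates the string literal early in the
    # formatted statement; sqlite3 rejects the broken SQL with an error.
    try:
        unsafe = lookup_unsafe(conn, "o'neil")
    except sqlite3.OperationalError as exc:
        unsafe = "error: %s" % exc
    # The bound parameter is handled as a plain value and matches the row.
    results["apostrophe"] = (
        unsafe,
        lookup_safe(conn, "o'neil"),
        lookup_safe_named(conn, "o'neil"),
    )
    conn.close()
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The same input that merely produces a syntax error here is what an attacker would shape deliberately in the string-formatted version; with the bound parameter the query text never changes, so there is nothing to shape. The rule generalises to every DB-API 2.0 driver: keep the SQL constant and hand values to execute() separately.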