Vajrasky Kok added the comment:
Hi, Senthil Kumaran, thank you for your review.
I have one small complaint about your improved patch. Perhaps we need to give
a security warning when they want to use the allow_dotted_names feature in the
documentation. I omitted the warning in the demo because it is just a demo.
From the source code (Lib/xmlrpc/server.py):
*** SECURITY WARNING: ***
Enabling the allow_dotted_names options allows intruders
to access your module's global variables and may allow
intruders to execute arbitrary code on your machine. Only
use this option on a secure, closed network.
Whether we want to give a separate example without the allow_dotted_names
feature or use an example without the allow_dotted_names feature entirely, I am
not really sure.
What do you say?
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue19082>
_______________________________________
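
An added example, not part of the original message or of CPython's code: it dispatches method names in-process to show what the quoted warning means in practice, and how register_function can publish a dotted name without enabling attribute traversal. The classes Clock, Store and Service and the helpers build and call are hypothetical names made up for this illustration.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher

NOW = "2013-09-24T00:00:00"  # constructed constant so results are checkable


class Clock:
    """Namespace the service means to publish."""
    @staticmethod
    def now():
        return NOW


class Store:
    """Internal helper, never meant to be remotely callable."""
    def __init__(self):
        self.rows = ["a", "b"]

    def wipe(self):
        self.rows.clear()
        return True


class Service:
    clock = Clock

    def __init__(self):
        self.store = Store()  # public-looking name, internal purpose


def build(mode):
    """Return (dispatcher, service) configured in one of three ways."""
    d, svc = SimpleXMLRPCDispatcher(), Service()
    if mode == "dotted":
        d.register_instance(svc, allow_dotted_names=True)
    elif mode == "default":
        d.register_instance(svc)  # allow_dotted_names defaults to False
    else:  # "explicit": publish one dotted name, no attribute traversal
        d.register_function(svc.clock.now, "clock.now")
    return d, svc


def call(dispatcher, method):
    """Dispatch in-process via the server's _dispatch hook; None if refused."""
    try:
        return dispatcher._dispatch(method, ())
    except Exception:  # _dispatch raises a bare Exception for unknown methods
        return None
```

With "dotted", both clock.now and store.wipe resolve, so the internal helper is callable by any client; with "explicit", clients still see clock.now while store.wipe is refused.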