Yeah, right. Let's continue there. --- Giampaolo http://code.google.com/p/pyftpdlib
On 29 Set, 22:44, "Josiah Carlson" <[EMAIL PROTECTED]> wrote: > On Mon, Sep 29, 2008 at 12:02 PM, Giampaolo Rodola' <[EMAIL PROTECTED]> wrote: > > On 27 Set, 20:04, "Josiah Carlson" <[EMAIL PROTECTED]> wrote: > >> On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner > > >> <[EMAIL PROTECTED]> wrote: > >> > Second, I would like to help to fix all Python security issues. It looks > >> > like > >> > Python community isn't very reactive (proactive?) about security. Eg. a > >> > DoS > >> > was reported in smtpd server (integrated to Python)... 15 months ago. A > >> > patch > >> > is available but it's not applied in Python trunk. > > >> The smtpd module is not meant to be used without modification. It is > >> the responsibility of the application writer to decide the limitations > >> of the emails they want to allow sending, and subsequently handle the > >> case where emails overrun that limit. > > > The issue does not concern the emails but the buffer used internally > > to store the received raw data sent by client. > > The user who wants to fix the issue (#1745035) should override the > > collect_incoming_data method which is usually not meant to be > > modified. > > Moreover, there are two RFCs which state that extremely long lines > > must be truncated and an error reply must be returned. > > We can and should discuss the specifics of this item in the bug report > itself. I should have replied there instead. > > - Josiah > _______________________________________________ > Python-Dev mailing list > [EMAIL PROTECTED]://mail.python.org/mailman/listinfo/python-dev > Unsubscribe:http://mail.python.org/mailman/options/python-dev/python-dev2-garchiv...- > Nascondi testo citato > > - Mostra testo citato - _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com