In article <[email protected]>,
Carl Banks <[email protected]> wrote:
>On Jul 22, 8:38 pm, [email protected] (Aahz) wrote:
>> In article <[email protected]>,
>> Carl Banks <[email protected]> wrote:
>>>
>>>You have to be REALLY REALLY careful not to pass any user-supplied
>>>data to it if this is a server running on your computer, of course.
>>
>> Unless, of course, your users are paying for this service.
>
>Well, yes, but I assume that by the time you're deliberately letting
>users pay to run their programs on your server, you will already have
>deployed a full-blown, multi-tiered security strategy that includes
>validation by the server process. That was sort of beyond the scope
>of the OP's question.

That's not necessarily a good assumption.
--
Aahz ([email protected]) <*> http://www.pythoncraft.com/

"At Resolver we've found it useful to short-circuit any doubt and just
refer to comments in code as 'lies'. :-)"
--Michael Foord paraphrases Christian Muirhead on python-dev, 2009-03-22
