On Sat, Aug 14, 2010 at 08:01:00PM -0700, Stephen Hansen wrote:
> > As you can see, black listing isn't the best approach here.
>
> But I have a two pronged strategy: the black list is only half of the
> equation. One, I'm blacklisting all the meta functions out of builtins.

But blacklists are *never* secure. Sorry, but you should fully understand this before even thinking about more detailed security.

Why are you blacklisting the "known-bad" functions instead of whitelisting the allowed ones??

regards,
Roland
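The deny-list versus allow-list contrast raised in this message, as an added example that is not code from either poster. The `DENIED` and `ALLOWED` sets, the permitted syntax nodes and the function names are assumptions made up for illustration.

```python
import ast
import builtins

# Hypothetical lists, constructed for this example only.
DENIED = {"eval", "exec", "compile", "__import__", "open",
          "getattr", "setattr", "delattr", "globals", "locals", "vars"}
ALLOWED = {"abs", "min", "max", "sum", "len", "round"}

# Syntax permitted in an expression; anything not listed is rejected.
ALLOWED_NODES = (ast.Expression, ast.Call, ast.Name, ast.Load, ast.Constant,
                 ast.BinOp, ast.UnaryOp, ast.Add, ast.Sub, ast.Mult, ast.Div,
                 ast.USub, ast.List, ast.Tuple)

def denylist_env():
    """Deny list: every builtin the author did not think of stays reachable."""
    return {n: getattr(builtins, n) for n in dir(builtins) if n not in DENIED}

def allowlist_env():
    """Allow list: only the names that were reviewed are reachable."""
    return {n: getattr(builtins, n) for n in ALLOWED}

def check(source):
    """Parse an expression and reject any syntax or name not on the allow lists."""
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError("syntax not on allow list: " + type(node).__name__)
        if isinstance(node, ast.Name) and node.id not in ALLOWED:
            raise ValueError("name not on allow list: " + node.id)
        if isinstance(node, ast.Call) and (
                node.keywords or not isinstance(node.func, ast.Name)):
            raise ValueError("only plain calls to allow-listed names are accepted")
    return tree

def safe_eval(source):
    """Evaluate an expression that passed check(). CPU and memory are not limited."""
    code = compile(check(source), "<expr>", "eval")
    return eval(code, {"__builtins__": allowlist_env()}, {})

def rejected(source):
    """Return True when check() refuses the expression."""
    try:
        check(source)
    except (ValueError, SyntaxError):
        return True
    return False
```

The deny-list environment grows silently whenever a Python release adds a builtin, while the allow-list environment changes only when someone edits `ALLOWED`.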