Why Is Escaping Data Considered So Magical?
Lawrence D'Oliveiro
ldo at geek-central.gen.new_zealand
Fri Jun 25 20:49:09 EDT 2010
More information about the Python-list mailing list
Fri Jun 25 20:49:09 EDT 2010
- Previous message (by thread): Why Is Escaping Data Considered So Magical?
- Next message (by thread): Why Is Escaping Data Considered So Magical?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <slrni297ec.1m5.grahn+nntp at frailea.sa.invalid>, Jorgen Grahn wrote: > I thought it was well-known that the solution is *not* to try to > sanitize the input -- it's to switch to an interface which doesn't > involve generating an intermediate executable. In the Python example, > that would be something like os.popen2(['zcat', '-f', '--', untrusted]). That’s what I mean. Why do people consider input sanitization so hard?
- Previous message (by thread): Why Is Escaping Data Considered So Magical?
- Next message (by thread): Why Is Escaping Data Considered So Magical?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list