[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

configparser v/s file variables

On Wed, 27 Jun 2018 12:15:23 -0700, Jim Lee wrote:

>  ? It seems a bit silly to me to worry about arbitrary code execution
>  ? in
> an interpreted language like Python whose default runtime execution
> method is to parse the source code directly.? An attacker would be far
> more likely to simply modify the source to achieve his ends rather than
> try to inject a payload externally.

Spoken like a single user on a single-user machine who has administrator 
privileges and can write to anything anywhere.

Steven D'Aprano
"Ever since I learned about confirmation bias, I've been seeing
it everywhere." -- Jon Ronson