configparser v/s file variables
On Wed, 27 Jun 2018 12:15:23 -0700, Jim Lee wrote:
> ? It seems a bit silly to me to worry about arbitrary code execution
> ? in
> an interpreted language like Python whose default runtime execution
> method is to parse the source code directly.? An attacker would be far
> more likely to simply modify the source to achieve his ends rather than
> try to inject a payload externally.
Spoken like a single user on a single-user machine who has administrator
privileges and can write to anything anywhere.
"Ever since I learned about confirmation bias, I've been seeing
it everywhere." -- Jon Ronson