Message 146065 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	ncoghlan
Recipients	alex, ncoghlan
Date	2011年10月21日.06:41:57
SpamBayes Score	0.02147777
Marked as misclassified	No
Message-id	<1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za>

Content
Perhaps a better idea would be to use different names, so it's clearer at the point of invocation that the shell is being invoked (and hence shell injection attacks are a potential concern). For example: shell_call check_shell_call check_shell_output That would make large applications easier to audit (just search for 'shell_') while still making life easier for sysadmins.

Content

Perhaps a better idea would be to use different names, so it's clearer at the point of invocation that the shell is being invoked (and hence shell injection attacks are a potential concern). For example:
 shell_call
 check_shell_call
 check_shell_output
That would make large applications easier to audit (just search for 'shell_') while still making life easier for sysadmins.

History
Date	User	Action	Args
2011年10月21日 06:41:58	ncoghlan	set	recipients: + ncoghlan, alex
2011年10月21日 06:41:58	ncoghlan	set	messageid: <1319179318.53.0.205854726663.issue13238@psf.upfronthosting.co.za>
2011年10月21日 06:41:57	ncoghlan	link	issue13238 messages
2011年10月21日 06:41:57	ncoghlan	create

homepage