[Python-Dev] Re: cgitb.py for Python 2.2

Guido van Rossum guido@zope.com
Sat, 04 Aug 2001 03:32:04 -0400


Give it up, Ping. cgitb writes the tb to stdout, not to stderr, and that's enough of a difference in behavior to require explicit enabling. It's not worth your energy to try and convince us.

Let's have the cgitb module as an optional feature. Let's update various documentation to suggest this boilerplate at the top of CGI modules:

    import cgi
    import cgitb; cgitb.enable()

Regarding the secrecy of tracebacks: normal tracebacks are seen by a user who has logged in to the system and who can look at the source code anyway. Web tracebacks can be seen as invitations to hackerz without any source access to look for weaknesses in the script. That's a very different thing from a security point of view! (Security by obscurity, maybe, but nevertheless better than hanging out your dirty laundry to dry in public. Enough hackerz know Python.)

--Guido van Rossum (home page: http://www.python.org/~guido/)
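
The stdout-versus-log distinction raised in the message above, as an added example that is not part of the original post or of the cgitb module: a CGI-style wrapper that sends the full traceback to a server-side log and returns only an opaque reference to the browser. The names `run_cgi`, `failing_handler`, `ok_handler` and `demo`, and the path in the sample exception, are hypothetical and constructed for illustration.

```python
import io
import sys
import traceback
import uuid


def run_cgi(handler, out, log):
    """Run a CGI-style handler; keep any traceback out of the HTTP response.

    `out` stands in for stdout (sent to the browser); `log` stands in for
    stderr or a server-side log file that only operators can read.
    """
    body = io.StringIO()
    try:
        handler(body)  # buffer output so a half-written page is never sent
    except Exception:
        incident = uuid.uuid4().hex[:12]
        # File paths, source lines and exception text go to the log only.
        log.write(f"[incident {incident}]\n{traceback.format_exc()}\n")
        out.write("Status: 500 Internal Server Error\r\n")
        out.write("Content-Type: text/plain\r\n\r\n")
        out.write(f"Internal error. Reference: {incident}\n")
        return incident
    out.write("Content-Type: text/plain\r\n\r\n")
    out.write(body.getvalue())
    return None


def failing_handler(body):
    # Constructed sample: the exception message carries an internal path.
    body.write("partial output\n")
    raise RuntimeError("cannot open /srv/app/secret.cfg")


def ok_handler(body):
    body.write("hello\n")


def demo(handler):
    """Return (incident id or None, response text, log text) for a handler."""
    out, log = io.StringIO(), io.StringIO()
    incident = run_cgi(handler, out, log)
    return incident, out.getvalue(), log.getvalue()


if __name__ == "__main__":
    incident, response, logged = demo(failing_handler)
    sys.stdout.write(response)  # what the browser receives
    sys.stderr.write(logged)    # what the operator sees
```

The reference in the response lets an operator find the matching log entry without the response revealing anything about the script's internals.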