[Python-Dev] PEP 215 redux: toward a simplified consensus? (original) (raw)

Martin v. Loewis martin@v.loewis.de
25 Feb 2002 23:25:48 +0100

• Previous message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Next message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

barry@zope.com (Barry A. Warsaw) writes:

JE> i.e., the translator (or other person who can influence the JE> format string) can access other information in the dict you JE> pass in, even if you didn't intend it.

That's a very interesting vulnerability you bring up!

That's not a vulnerability. It assumes that the translator is an attacker, or that the attacker can change the catalogs. If he is or can, you could not trust them, anyway, as they could cause arbitrary other failures, as well.

Regards, Martin

• Previous message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Next message: [Python-Dev] PEP 215 redux: toward a simplified consensus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]