[Python-Dev] PEP 215 redux: toward a simplified consensus?

Paul Prescod paul@prescod.net
Mon, 25 Feb 2002 15:12:31 -0800


"Fred L. Drake, Jr." wrote:

... Yes, but I'm not convinced this has any more security implications than using a library function to perform the transformation.

The point is that the simplest mechanism, the one we teach to newbies, has non-obvious security "concerns". If we have literal interpolation, then a library function would be used by people who WANT to do it at runtime because they have a REASON for doing it at runtime and thus have a pretty clear concept of the distinction between runtime and compile time.

But as I've said, the major reason for this is not security. I don't know that a Python program has been hacked through "%" so it doesn't make sense to lose sleep over it. The major reason for doing it at compile time (for me) is that you can have a nice syntax that doesn't involve modulus-ing (or dividing) an otherwise useless vars() or locals() dictionary.

Paul Prescod
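As an added illustration (not part of Paul's message or of PEP 215), the runtime `% locals()` idiom he mentions is shown beside a template fixed in the source, together with a small check that a runtime-supplied template only names the keys it is meant to use; the function names and sample values are made up for this example.

```python
import re

def greet_runtime(template, user):
    """Runtime interpolation with locals(): the template, not the source,
    decides which local names get read into the output."""
    secret_token = "constructed-secret"   # constructed: an unrelated local
    return template % locals()

def greet_literal(user):
    """The template is a literal fixed when the code is written, and only the
    value explicitly passed in the mapping can appear in the output."""
    secret_token = "constructed-secret"   # present, but unreachable from the template
    return "Hello, %(user)s" % {"user": user}

# %(name) placeholders of the "%" operator's mapping form; a literal "%%(" is
# also matched, which only makes the check below more conservative.
PLACEHOLDER = re.compile(r"%\((\w+)\)")

def referenced_names(template):
    """Return the set of mapping keys a %-style template will look up."""
    return set(PLACEHOLDER.findall(template))

def check_template(template, allowed):
    """Refuse a runtime template that reaches beyond the names it should use.

    Returns True when every placeholder is in `allowed`, otherwise raises
    ValueError naming the unexpected keys, so the template is rejected before
    it is ever applied to a dictionary such as vars() or locals().
    """
    extra = referenced_names(template) - set(allowed)
    if extra:
        raise ValueError("template references unexpected names: %s" % sorted(extra))
    return True

if __name__ == "__main__":
    print(greet_runtime("Hello, %(user)s", "ann"))     # intended use
    print(greet_runtime("%(secret_token)s", "ann"))    # the template chose another local
    print(greet_literal("ann"))
    print(check_template("Hello, %(user)s", ["user"]))
```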