[Python-Dev] XML DoS vulnerabilities and exploits in Python (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Thu Feb 21 07:56:11 CET 2013

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 21 Feb 2013 10:38:07 +1000 Nick Coghlan <ncoghlan at gmail.com> wrote:

On Thu, Feb 21, 2013 at 9:49 AM, Tres Seaver <tseaver at palladion.com> wrote: > Two words: "hash randomization". If it applies to one, it applies to > the other.

Agreed. Christian's suggested approach sounds sane to me: - make it possible to enable safer behaviour globally in at least 2.7 and 3.3 (and perhaps in 2.6 and 3.2 security releases as well) - make the safer behaviour the default in 3.4 - make it possible to selectively disable the safeguards in all versions

+1 from me.

Regards

Antoine.

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list