The following modules have specific security considerations:
base64: base64 security considerations in RFC 4648
cgi: CGI security considerations
hashlib: all constructors take a “usedforsecurity” keyword-only argument disabling known insecure and blocked algorithms
http.server is not suitable for production use, only implementing basic security checks. See the security considerations.
logging: Logging configuration uses eval()
multiprocessing: Connection.recv() uses pickle
pickle: Restricting globals in pickle
random shouldn’t be used for security purposes; use secrets instead
shelve: shelve is based on pickle and thus unsuitable for dealing with untrusted sources
ssl: SSL/TLS security considerations
subprocess: Subprocess security considerations
tempfile: mktemp is deprecated due to vulnerability to race conditions
xml: XML vulnerabilities
zipfile: maliciously prepared .zip files can cause disk volume exhaustion
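The pickle entry above points to restricting globals. As an added example (not part of the original page), the loader below overrides Unpickler.find_class() so that only allowlisted globals can be resolved. The allowlist contents, helper names and sample inputs are constructed for illustration.

```python
import collections
import io
import pickle
import subprocess

# Allowlist of (module, name) pairs the loader may resolve (constructed for this example).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("datetime", "date"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not named in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        # Called for every class or function reference found in the stream.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Counterpart of pickle.loads() that enforces the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def check(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for a pickle stream."""
    try:
        restricted_loads(data)
        return "accepted"
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"


# Constructed sample inputs.
SAMPLE_PLAIN = pickle.dumps({"user": "alice", "roles": ["admin"]})  # no globals at all
SAMPLE_ORDERED = pickle.dumps(collections.OrderedDict(a=1))         # allowlisted class
SAMPLE_BY_REF = pickle.dumps(subprocess.Popen)                      # reference to a non-allowlisted global

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("ordered", SAMPLE_ORDERED),
                        ("by-ref", SAMPLE_BY_REF)]:
        print(label, "->", check(blob))
```

Plain containers and primitives never reach find_class(), so they load without an allowlist entry; only streams that reference a global are subject to the check.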
The -I command line option can be used to run Python in isolated mode. When it cannot be used, the -P option or the PYTHONSAFEPATH environment variable can be used to avoid prepending a potentially unsafe path to sys.path, such as the current directory, the script’s directory or an empty string.